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IM& B^mmmi h & mxmnm&m mpmtof ^QV/KM/m7Ss mm. oa : 14 . ABges* 2001 
(14.0S.0i) and mm Q9/8S3M7 &M on 10 May 2001 (10.05.01), mid skims fee hmzBi 
mdQ ® 1X9 <•> ^SQ/27MMS MM on 22 March 2001 (22.03,01), USSH 6O/2?8 5 0K) hkd on 
22 March 200! (22.03.0!) aod IJSSM 6022?? ? 9§0 filed oo 22 March 200! (222)3.01), the 
4kctemsm of which arc incorporated her^m by t^mms. 



Th& pm»mi mvemios reikea to ss£ta^csM<® methods, M mm aspect hsereo£ the 
is^srdisn relates to t wfcd and system for g^femtcstmg an idarj^ieatlon devices, soeh m 
k se!%owereb card (hershiafhjr referred: to as S^O|» 



Bi m& to faklitoie me xettimg of tb» description to follow a tomatoes of terms m& 
acronyms, wMsh are well ksownin the art are iefeed Jbafa*, These detlrdhora an*, apt to be 
iakm as imhhig sag arc provided as examples for Mltatiori of m^erstaisddrig of the 
dkkosore, A complete ash exact dermiiion may be feand m. various hooks arai other 

&£t&enSi«&&*&: is the process of ^edfying ask object or Message to assure thai the object or 
message are i*bar they pnrport to be ark/or were sot tampered with S?«r exanafik 
k^entk&tkg m. e^nk! message can cheek that it was signed »soig & method that eas only 
be pcrtsrmed by tie supposed aesder, 

Is the conversion of data into % fet tkt oarraot fee eakly imderarood by 
people. Beeryptlost is the process of coB^er&ig encrypted data bach into a 
fbror, is which it am be (m least partly) imdarstnod. tlswerypted data is «saa% called 
Main-text while encrypted data is tef^ed to as CXpteexi M some esorcpiioar methods, the 
ssorjptioo aod deorj^tloB ate sobfeei to a JSey, «sed for ©orwersioa bewgeB om form and 
me other. 

Cryptography is the art of protecting ralkrroabos by encrypting it into an iroreadahie fxmmi- 
(le; elpher-texa M some rmpisroeotatieas, only those who possess a secret hey ean decrypt 
the message into plain text. 
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As <fee. Imns-aei ofesr teas of el«pMio srmmmfeemion become more prevalent, 
efectrome seanrby Is besonmrg iBcreasmgiy iroportaat Ci^fegrspfey is fesrefere nsee. to 
psotmt data suek-M e-mail messages, credit card feic^^abom andsoier&. 
Symmetric-key st^tsgr^ky is an m^^m m^^ ^ whisk fee sender and sx^sot «f 
a massage share a single, tte&m key> wfeek is nscd to m^t asd decrypt &sm»sgg, 

^tems are stag&r and Iter, fed Mr mala %mfo&k is mat tie two 
: somehow mMmgeihss key m a seenre way Also, fee receiver can prated (to 
feixd parlies) tfr.be the seadep nsmgfee key* 

the most popular symmeh-lc-key system Is fee BBS (Data Encryption Standard), also 
10 d&mdbM bek>w< 

Asyma^M©-kef er^feitapfey is- a ofptbgrspMc system thai ■aem.-tm %m - fe 
mcrypto aM apofearksy for decryption. 

PufeEc-key enrpfegrapiy » Q3i ssyiimietric^ey oryptograpby; AoesirdiBg to Ms method, 
one ksy m ImowB to a plurality ®f pwss (and feence eatied FtsMMey), wMk tks otfefey 

15 is known only to one parson (m& &sace called fcrtejda^aey), 

An. impmtmt featee of fee jwfcfie key system w mat fee pnhM and ps£mt& keys are related 
fe mch. a way feat onee the pnfebo4eey Is used to moryot a .xaeasag* only fee eose^omkng 
private key eas fee us«Cto deerypt it tOi^ratieally, it is Iniposslfele to debnee fee prl^ato-key 
from fee oorresporidmg pPbBe«ksy> 

20 According to oB.e ixeptemgsrtaiioa s w&en a sender wards to send a secoee message to a 
xeeiptet, &e nses feeredplenf s pi&lie*ey to enssypt fee mossage,and fee t^oipieat uses bis 
ooaespoa&ag pnv^e-key to decrypt it That way the recipient of a data can fee sure feat fee 
data mmm fesa a purported safe (if fee key was not stolen .% and fee sender ©as be 
feat fee data maefees the right destination. 

25 F$m&t**m#<m nmrnlmm are irambsrs 'farcing properties similar to feoss of 

imfebors, for example, certain distribute properties md lack of (easily discernible) 
j-eladosship between conseeutiTe imt^ibors, Trae s imMased, random xaxfebers m dlffiealt if 
tM imposslbfe to generate. Fsendo-random narnbers ean fee generated using oonmatfng 
machinery moms* soilware and ksrdwim Those means are Bsnally called 6t kandom^rnber 

30 generator or RNG. Both Imm m& ne«-linear EHGs are known, wife linear Ms having 
a greater predictability problem. 

BIS (Data Imerypdon Standard) is a MST-stsndard seeret key ervptograpby method that 
nses a Sdfelt feey> DBS is based on as. IBM algorithm feat was imfeer developed fey fee U.S, 



wo mm-mim tctmmnm* 
National Security Agency It uses the Umk eipfer mafeooL wbfofe breaks &s tea Info 64-bit 
blocks before em^feui tbsm, Ifoexe are semal. BBS m&yp&m. modes, Xfee most popular 
mode c&c&asre Ofe each plain to& kbekwifo tke pre vious mcr^ptsdMtfok.: 
BES3 (also called Triple BBS) is m. &mms^mmx m DBS feat provide i§® security ibau 
5 itecW: DPS, whkh uses only one $&Mt key BBSS- may be also be »d for generating 
rssspm stssfeers. 

A Bests femsfenr is a imm@imm&m feat :ommis a rnmfeer p x ^ m da.t» tq$tsmmk®i} 
bran a large space fo a (typically) smaller space, typically wife m mm dfetrfofofesn In a 
typical i^Ismsm^oii, a bask imcfes is used to convert & large suing of feed or wymg 

10 te&gfe into a short vafoe of a feed size, wbiek is called fee Hash vafoe of fee siring. One 
f rcspsrty of HiaKy Mask flmobons Is feat thsy are trefy unmrersibk in feat tite orisltial 
mnnber oannsi be rsccmstmcted fe3ia is Hash; vim lis east be tmeM for tn&f&t^m. 
against t^festwsar% «np!oyees. Merely ennryptfeg fee data may koi be eaotpsb if fee 
enn^Xoyee ear, sisal fee Ira for desryBta. 1 is often desknble feat fee ee^srtefema! efibrt 

I S be relatively moderate. Profofesg art e^en distrfontion may be nsefel in reducing fee to&ribor 
of cofesions (e.g. s different foputa with same bas value, Examples of web feaowm Bash 
feaetiox^ are MD2 and MPS:, - 

B^allei is a recent erlbrt to provide the electronic eqsfealefo ef a wallet (or 1? etler teas 
e^fo^aletit) fur e~oonmmms transactions anmfe for physios! trass&etas. Marry 

2d ■. fe^leinentstioris are known. One fe^Iem^tlon Is that a digital wallet (e^wallet) kdfes 
digital money ikfo is pcrddased similar to travels?s~cbscks, a prepaid account, or it can 
eofoafo credit card fefermatfoo. Tke wallet may reside, Star emsnpie, m a users maoame 
(feeMJfog an eleetrrfee devleefoard) or on fee servers of a Web payment service, Wkm 
stored m a tier's maohinm fee wallet may ose a digital eernrleafo for identifying a 

25 cardholder, 

SSL (Secure Sockets Layer) is a commonly used protocol fer mamagiiig fee security of a 
message tranmbsskm on fee Intast SSL uses a program layer located between fee 
feernefe Hypertext Ttausfe Protocol (HTTP) and Transport Control Protocol (TCP) layers. 
SSI., is feclndsd as pari of bom foe Microsoft and: Netscape browsers and many Web server 
SO products. Tke ^oekenfo pari of fee term refers to foe sockets method of passing data back: 
and Ibrfo between a client and a server program in a network or between program, foyers fe 
foe same compoter, SSI, uses fee publlc-and-prirate key encryption system provided by 
RS A ; wbieh also includes fee nse of a digital eertifeate 



OfeC fCyollo xssksM^jy cfesckmg) is & method of cheeking far errors In. feat 
imnsmfeed on a cononeahcarions ilrdc A $m$$m de^ee apph.es s !6« or 32~bil ^o&fcoteM 
to ■& block of to fet Is to bo traas^fesd «M appends fe« r^snlfesg cyclic redoTraancy code 
(CRC) to m.blML A. receiver applies tie same polpunrdal So fee data and compares its 
S xx&titmg ORG wish the tm&.appwfe&-fy fe® If they agree, fee Malms pe&s&fy 

been, received stieoessMly, Sf nt& fee i»tar«n Bo mtffi^ to rssmd fee Mock of dais. 
Oae Time Costs k & mefeod by wMeh whenever an mfeeMic^sh feial is ,&3&ted, a tiasq&e 
eods 5 single use (qrgmfoty m^Wvfa*t9**k** ps&^xbi fcr aw&aalMaa. 

10 The feternet sad the World Wide Web (WWW) in parties has p-own fa 

p opalaxlry m jac^yMts. U addition to aews sod fefermahoin mental sad contracts 
alike hm® eonae to view fee web as a vlrta^ ti&vfcft range for s&hducfeig biisfees^ kx 
fee ferm of salsa pf pMi, services, s# iste^©a .H0V®&eto s many computer users 
are still somewhat leery of conducting galea trsBSSstos over fee Web especially bwt&az 

IS credit • cassis are skmg wife the qmuttd fear of widespread md 

dissemination of fee credit sard aambess. These same wmt> may also fee of eorafecrfeg 
soo -Internet related sales transactions usmg credit cards. One worry la that Ahes ail, axryone 
can steal a credit card srarobsr and use it later for inraufeorlsed gnn&HttS. 

Thsre are many applications wbere aufecnhe&tion may he seM, for example,, 

20 opening a door to a seonxed location, hn?ing commodities, entrance (and staying hi } a secret 
feeihty, a-conraseme, and logging in to a system. Sometimes presenhBg m ki^iiffieatlon 
sard f such as credit or social security,, is adequate for sMhesficahng a poagm».*B& sometimes 
the anfeentkafem xequissaieafc are so high that She snfeenncation process rngfatto Momettfe 
analysis, 

25 Omaitlj,: credit cards are used tor anthsnticsrion. They comprise ft magnetic stripe 

that comprises the ID of fee owner of the credit card and some additional details. Of course a 
mwmmmil credit aard provides s^^|^;a*B^«gtlo»» sto its aaagwaio strip can 
he copied and an associated secret password (e.g, f PIM) stolen rather easily. Today, In order 
to overcome this drawback, merchants usually verity the identic? of fee credit card holder 

3 0 with another idannfeahon mmM; e.g- an ideotlficatien card or driving license. If owevsr, in 
remote aufeeaticatioii, such as purchasing eommofefies feroogh fee Internet or telephonic 
raeans, the merehanx has no oontaot with fee credit card or the cardholder itself 
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There are two priaslpal tmmk$m cmmiy used to hm®e a. l^asaoiiort 'Wkere & 
credit ossd is mvrilved.. The list om is used for immmUam of a 'feard present transaoibsf ! 
tyns, safe, fee &me k used lor t^mUw® of a s feaa~preseto card: traasaetlon ?> tym, 
Aceordmg to me ifek ieohmqae, toe key fdmsssm. efest in fee transaction The Sm-om Is 
called ^emedfem you havefe. mmzly the ore&t oatfe The second one is s %ome&kig: ..you 
Mow"; namely « password aod fee feM eiasneut Is 'ferng a wtmass 5 *; namely fee 
merelia&t 5 s preseaee. r^gm ekmmts. mtisst whenever a buyer is aebmky where fee 
fraction is sfcm to iak« place; e.g. is a shop. & this case fee earfes details am mmpmsd 
wife fee card's details eomafeed in fee east's issuer database, Verifying fee oarfemfeer is 
earned mt by campmxxg Ms sigaifems to tie one on fee card aadfer using some sort of 
idesdryfeg earn: e.g, a drkfeg lieease. Since fee oard issuer confirms fee cafe details md fee 
transaetfed itseii; the card Issuer feears fee coissennanees m ease of a fiafedl However, fe esse 
of felephefee or Ifeemet Ir^ankonsfsoue of fee ifam*sim®wss& element exist and fee 
mmtmt bears responsibility in case of a framl Solving fee problem of 'ham-present card" 
transactions greatly reduces fee risk taken fey merchants and makes ism more ameambie to 
sack Siasssim 

ConveifeoBal bnsmess models, according to wbiek credit cms! companies operate 
pose a basle problem. Tke problem arises from fee fact, feat m a ease of a s %on-preaest card" 
toanseotlom there are generally two unsecured and pandlshefea^efe which eonfefeme to fee 
risk of femd. The first channel relates is fee transaction channel Itself Whenever a 
cardholder washes to carry ont a transaetiom be la asked by fee mexakant to give ik details 
tsgafefeg fee card and also fee ID amber. Tke marokant towards feeee details to fee card 
issuer fesuaiiy fey phone) and upon approval of fee Iransaekon fey the card issuer, fee 
rmaaaefem is given a special code. Tke second snaanel is fee acfesafieafem phase of fee 
card fey oanvankoaal methods, sued as giving a password to fee card Issuer or fey nsfeg a 
conveofema! deetrefee device. The problem to such eases Is feat fee card issuer eau not be 
sure feat fee specific code given to fee transaction relates to fee correspondfeg auffeerfeoated 
card. 

Currently each merchant is likely to have a nnique digital signature, and therefore It 
is relathrely easy to secure fee memkaa^t sldefeomalrv, Adfetloiially there are several solutions 
provided by several companies, snob as CYOTA are ORBISGOM, aseordfeg to which 
whenever a potential feoyer wishes to make a mmsaeuou, a one-time credit card maiibpr is 
created by fee rsemkaakaekec This kind of soiaboa apparently reduces fee risk of stealing a 
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t%®& card tmmbes. Iiowmrer, this is only a par&u sogu&fo skee Ms ^ns-ikie* Bomber Is 
creeled ml teamed from fee marnhaot to fee card mwst^ mil fee card sssaar has to trust 

A mamt ^m^topmmi m tMs iMd is the "Smart sm€\ A mxmt card fedudes &1MIt4a 
5 miert^roeeasor sad mm&m$ nsed lor ideshtoatfeia m®.w Bnmd&l ttamaetions. A smart 
esrd is currently csed m mmmMm wife a spscsal electronic reading 4mim. Wis ms&L & 
card Is feesried into a xsasfcsr, it transfers data to asm, and xecdves torn, a central mmpntor. I 
is mam secure than a conventional magneto strip card and i$m foe ptogmmsisd to look if tie 
•*rong password is entered too marry times, 
10 Generally* a oonverfeos&l am%erfe«felos system feat revolves & smart sard comprises 

fee Mtowmg elements i 

- A eard (may fee called sko 4 *Maj«B^6iMoal0to'% wM«h comprises at ksst feelD of the 
card sad a secret code, which is um^lyvmqm for each card; aM 

- Art aufee^ticatlan server, whfeh comprises fee details of each of fee cafes, their owner 
1 5 arsd their secret code. 

The aadientlcation process is thiacase is carried oat as follows; 

- Readmg at least fee ID of fee card apd fee secret code from fee smart sard feroogh am 
repot feice; 

~ ti-ariaifettfeg the read data to die afeheatlcatiori server; 
20 - At fee eafeenfieation server, oon^armg fee read secret code wife fe« oae stored m fee 
asfeerfeeatloo at fee ID* s record, fe order to feed a match foetween fee read secret code ■ 
and tire stored one;, ami 

- Seraifeg a transmission wife fee rssoh of fee aafeentlcafeso to fee fafeafer of fee 

~ Fraud of fee card, Sto 6dk#gW/ ekofeome -device it Is wfearaMeto Sam!; 
~ Fraud of tlie Ix^mksta, especially "when &e transnilsdons are cgmtd. oni ^ia the 

~ Fraud, of fee details of the cards $t the aitSi^tloaitm o^tar y ^eck% ^J ^ m-hcuse 
3 0 factor (such as am smploye^ 

Gitfe of itie methods to li^orosse fee security of ocn^sastiou&l aatiieMcadoB 
titt&emes base4 on smart cards is the **o»«Hraw m&&*< Tim m^mm cade msoliaMsm dually 
generate pseudorandom, nuni^ which, fimn an mitdder poim of ?few s are random 
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vmfoent. However, is some wmi^m& syMm® the nambats oar* be predicted md 
&hmm$h?nm$®& t srsoethe -ssmt ms&md ^^m^^m.^mi.^m the same -tsaabaraf 



An aspect of some ^sbs^m^ of ; the mvsnboa reiiatss to controlling m 
aubieaboatioo ps°mm% far example, so as to pmwat a *m$. merchant asd/or a caM aser loom 
StxasL M mi exemplary embodiment of tie. mventton. His pttsteetiOB caagsites ean^tmg 
ttsssmissiom to a rernots aumentieaboii server, lot example to prevent tamprng. 
Dpiiesmdy, the mnrypta ©emprises signing: with mmikmi: feted krfenrnmom for 
example, so m sMAn process can be reliably linked to both a eard and a awdtet 
iytemafeb/ ©r additionally, ffas sncsypbon. comprises signing the transmission at the 
for example to imdtMe user oslaled and swk| p^gs Mfed inionnarlon or a tsxsastop, 
Opaonaby the merchant slgsmtom is provided by the autfaeinicstioB server or m associated 
s&tity. 

& an ssompbny embodlms^ of the hwenhon, ihs encryption 1b prrwxded by soitware 
omboidod or otherwise linked to a WWW page used by the user to access the movant 
Opbosiaaiy, fee embedded software vM.-wotk. only M the merchant M online mdrmpm.m.g 

AJiernahvaiy or abdlM&hy. the merchant sands a one bme code to the user, Jbr 
each session and expeets the code, hash thereof and/br a signed form thereof to fee rettsmed 
hy the user, Thm, %o ossr ceo be vedSed by die niocoh&nt The ends may be provided, for 
example using the embedded sofb^are. 

Alternatively or additionally, protection Is provided by geoonning oodles tor an. 
aunienbeshon card and dien dsstroyMg Iniria! mnnbem used to gmmst* the codes, 
Aibarwbvely or addihoualJy; the oobes nsed by a eard am pre-set at bie Imae a card is 
manaxheinred and no new codes are generated nor is there a way to generate them ooce the 
initial, numbers are hssawed. 

Ahemawvejy or admdonalty, protection is provided by the autbeohcabon .$srra? 
^^piis^-^.simpfeajSimticMsim answer, nhimib a reason, 

Altemahveiy or additionally, the history of aothontieanon of a particmar eard. is used 
to assist autbsndaahom For example, a more reshietwe anthenbeabon method is ased for 
initial saihesbeahon, bat If a. consecutive authentication attempt is made with similar, 
parameters (eg;., but with a cannier that is increased by one or a small uamberb it may 
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mzcmtL Ate&e&My or atf^omfly, fes maim.- of m&m fetwooo a^a&sfe 

a^^ts % used as as mdlsstlom of tit© Tsifdity of m «8*sx#t 

Is. as exemplary embodiment of tho imw&ism, vwiofia deolalpns m&y Be made 
according to tlie rosolts of the Ast&mtkmiois jsrocsss, lor oxamp!s s if to fe® & allow 
5 a -moowi attest, warn. a ms&'m: ttmm a mamkam (^g., if raaay ^Sisstioatkm 

®« «me #i«ittifflt destination). 

Ah aspeei of some embodiments of Itwssstion mistm to a ratted of sigoa! 
dotation for asoBstio signals* & m exsmptarf smbodimast of the mymtm v t&& metood 
emnloys a tmdooff %¥Mo& allows less prosossisg to fee s&sd* while allowing some iypm of 
10 mam & an oxomplary «aktot of ths nwsntion, mo mstfeod oomprises oottalstmg 
m&m tsmsMms of wipmissd F8K. fmp-m^m^ rate man soxrelsimg m &mpmmm 
tissmstibtm* This may allow various dol&ys in an iggx& signal to be correct ion 

Im mm^m m$®4mie®£ of me iiwesMon, a sk«aoldai signal is$*&xs&tiB& as m 
analyoe signal using a Hllfeorl transform. It is %m cosTolatod. wiifa M am! mtegmtod over 
1, 5 as mterwsi The total power ami/or ol&sx property of mis integral Is indloatiwj 6f whether a 
signal Is pmmk ortmiss* 

There is tfess pmi®s& is aoossdaeoe wrda an osemplaty o^e4lmoM of & 
3znrct*t$aB, a me&od of aoihaatisatmg, using m anmsntlcsiion server, the tase of an 
anmonMsstson dswteo ovssf a waswgkat netwods fkm isterfA eomrsmmoata 
20 dovloo, oomnrislssg: 

reoehing m anihenikatisn datagram by said intemiadiato dsmo«; 
protesting said, datagram fey said intsmisdiate device,, by at toast one of oaastgmg, 
ad^tm^ meeting, and signing ofsaB nmffmmmm. 

forwarding said &te$sm to said aittetoatiQn aro for pl«t»n, %taally, 
25 said M^medima d^ke comprise a vendor WWW sife Opticmally, protecting cempiaex 
acidmg a signal associate, wife said vendor to said <Ma^am, Opfio^f^ pr^feg 
comp&sm mioryptmg said a&S&graiii, 

la &b ^Kamglaxy ^bodims&t of Invention^ said .Ipt^im^imtfe device pomprfs^ a 
^sar eomimfeg device. Optimally, said computpg dwiee adds a time stpmp to said 
30 datagram. Optionally, said oompUSmg devks adds a vaBdor-assoclatad i^tbrmai|fei Item to 
sMdd^agram> 



m aa mmmplMry pmm^mm of the fev^sto, said oasspufeg device eno:rypta said. 
m&mm. 0&kmm%. said ms^ptba a one time cads. Alternatively or addiibana% 
said o# time code ie provided by a vmior fa s pstf&oter session Mdtb ssig-aaa; 

hzim.m&mpbtry msmomm&m, oi fkm wvmtikm* said nam mmpmkig dcoies y®m m 
embedded mimm- compare fa. sdi psato±fe& Qj&mt&ly, said bedded software 
a<m^risea as ActiveX mm^kmt AMmm&mfy m &Mm&mUy% mrnpommi u caobed 
said uw* #mhm, Almmmv^fy m mUmm* «■» mmpmmz m&km & ^mprnty va&e 
■gmmSM by a yaife* operate, 

lh m i^mghz? mibodlmm of tfeo mvw&m* comzmmmlkm betwem said 
Msmmm dew and sard server uses & scours cosBccticm. 

Alscm&rrvely or additionally, different oomsmaboation p&tbs am msd for said 
mMm^a^m. and fa trassastiom details from; said war. Alternatively or addidossally; 
dil&mt eonininnieaben patbs osed for said atdfesniioatioE m& fas tsmmsikm details 
xrors. a vandor to said aidfeentscailon ssrvasr. 

The^ is sdse pm%Mz& m mlm$mc? witb aa exampkry e^feodimssaa of ths 
i&tmlkm. a method of Hidboadeaiioo of as anfe^ibeaboa datagram by & remote 
atrdsa^lcaboa sarvet 5 comprisiag: 

sandbag ao anarypted dstagrsm by ssatiro: ooisputo oomtmmloatien irom a vendor 

to md gemote a^inenbeator: 
^Mpax&gsaM. datagram m&. fesi .thereof to * haafe tabls at said ssmsr* and 
generating *. bfeary vsMaabm answer by said server w&tetg an ttssoc&aied 
axplasatloa, 

Tbera is also provided in accordance wife as exemplary embodiment of the 
roveiniom a method of aafbe^bearloa of an ataaiem%atloa datagram bv & renmte 
aumenbcatlan server, composing: 

sending an soorypisd datagram by compafa eoiamunioadon from ao authentication 
daviee to said remote aathernicaiiori. server; 

searching* at said sarvor ; for a. basb value matebfeg said datagram or a bask tboreof ; 

sra! 

gen^mbog a validation ssmrvt by said rsnaoto aafeenricadon servep. respossivo to 
said search,; 



^teem, said ds^gram iBelsdas a secret osale m& whm&m said ssoxei aode 
only on said aaiaethiaadoB d^ice, Qpliossslly, m& mihm&mim 6smm Iriohidas a ptaralij 
of secret cafe that m^-pmmi^^t^^yBBa^M 

Thsre m also pmvtdsd Is accofdaaos wllfe aa ^emplary esahodimsoi of the 
5 ItwaniloB, * mefead of geassatmg & code sat for as au&eaucaUoa deviee, ccsnprismg: 

wovidiag a code geBerat!?ig software; 

ptmsfeg at Inm ooe seed eode for said software; 

geaesafeg said oode set xsdag said software aad said seed; 

deshoymg said seed i&mtid&Uly sfcer gea^mg said coda ssij md 
I Q storing said eoda sol or miial® thereof mi :sm m^ms&mtkm. $mte®. OpuomXfy, 

the method comprises gmasafeg hash values for said soda set Qptaa% fe xaaihad 
oompises gmersimg a second set of hash valassa for said cods set ^simg & dlffeeet hash 



Tbm m siao provided m accordance with as. ^m$mf enfbodirseai of the 
I S IrweMaon, a method of aoHammioaden botweeo a vmdax aad a w 
device comprising: 

^rofegs .^e-topo^ «wr w£t for a &xss&^' 

Bassfcg on said datB.gram ; :fdr/^tiSc^tl0t^ t^'a^niot^ aiitfemiioation sarvar is at 
20 an. Indication of said one time coda tliat m^cfe s«ar is prcmdod wife- saM datagram. 
Optionally, itie tturfbod comprise signing sMd anagram using Md ckqsq *-iane sode by &aid 



Tim® m afeo prm4dsd. in ^corSance with an ^ampiary embodiment of fes 
kymto, amdi&od of x^oi^^a^o^. €®mpshm& 
25 rec^ng aufeitlcatiou datagram by an aatadeation sssw from a remote 

anlhsotioailoB datdsc?; 

matching safe* damgtam ^ a table; 

calouktiug asonnidr ¥afea feom E;matci& and 
validating said aniieBticaion datagram based cm m kcrease m said oganiar over a 
30 mww em^wbek\fwl1l\m aosrt^Ikii Optionally, tbe msr&od oomprte: 
feiling mid autteaiication h»&sd on said mwease bdng too large; <md 



wo Mamas j^mmmim 

0m&ig a. suhseairsot astksa^s&Hes based on alkrfeer merease of said snfcseeoant 
vm&x&m heiag below a second Ihreshelti Opfessally, said thresholds m ifie m&.z, 
Mi%ma$k?<&\% said s^&ssd tbrss&oM. is smaller S» said, oesifen fe^ii 

in as eaan^lary ernbodimefe of fee mveMfera ■ oimate -campmes- an orshnal 
pvMonmMd mM feat mymi s^m^y related to a sot of gawated lata xteafeets. 

There & also provided m accordance with as exemplary ambodamenl of the 
indention, a nsafeod of derating a tr»amissl<m of an aooosdc MsMtaps FS1C signal 
comprising: 

ree«!#sg m acoustic signal; 

ocswerhng the signal into ^WSbdA-^mitSom isfg^ml^ism of the signs! 
oomslating salt eoiwetted sigaa! wife, at least as® refepmee signal i^rssentmg at 
least one e-speered fesqne&ey in said MIL signal: 

fefegr&iitg said, som^ation over as iislemfc and 

delennfeieg if a signal is present hmdd on a feneaholding of a result of said 
Msgmtmgv Ophooatlw fee method eonmrtses ferfeet detaining If a dofectsd sigrnil has a 
mmmcy witMn a certain fieqneney Alternatively "or sddinonaliw the aToefeod 

eomrfesas rfefeer detemfefeag if a detaefed signal lias a signal to seise ratio wlhfea a eertnfe 
signal to noise ratio range, 

fit an. e^sninfery embodiment of fee MTmte* the methed ssnapdses resettling said 
sigml afier said detensining. 

In an ©&«ssplsry ^o^odltnent of the SsYOSta, said threshold is noise dependant of 
ids received signal, 

M m esempiarj efefeodmaest of fee inTeniom fee method eotnpdses ealoMfemg said 
mterval based on a hardware e&araoteristlc of a. prodneer of said sooefelc : 




Kon-lmfeing en&oohrnofes oi|the teeifesn will he described wife reference to the 
following description, of a^einplary embodiments, m eorgonafem with the figures. The 
figures axe gassmlly not shown to Scale and any measnrements are only meant to he 
exemplary and not nesessarily Ikniting, In the figares, identical sdootnres, elements or oarts 
which, appear in more fear? one figure are preferably labeled with a same or similar mmfeer m 
all fee figures in which they appear, in which: 

Fig. 1 schematicslly llmstmtes a process for detecting existence of forged devices, 
according to one aafeodkoent of fee fiwennen;. 

n 



Pig, 2 sslsmmtkally ftfestestos m m&^mmim sfeeme ofa mmm, mm$$&g to m 
exeipplary atsbodimmt of the imwtxsa; 

Fig, 3 &i^m$MmW Mvmmm usfeg aa AstbeX omtral to- seem? 
traBsaotlom, anoororng to a $®efsssss3§ fiaateiaiOBt.of rave&tkst; 
5 Fig. 4A is a Fow^bM of m anfegnieatlon prooesa s aeoordiog to one emfeodimato: of 

the Beatles; 

Fig, 4B la a fiowH^t of as mmtmMim proeess, aoooiGfeg to nnofeer 

Fig, SA. sofesmadefely illustrates toe atmotore of a FSE1 sigaa] acsorfisg to 

10 mx exMoplsay embodiment of lbs iavss^spp; 

Fig, SB sene^deally Ussixatss a detector for & muMmm FSK sigpsl, acemxlfag to 
m esjeeiaptiKy ©mbodimsst of fee feven&m; 

Fig. 6 Is a flow skmt illsstsatkg file process of detection and estimafen of rnFLpton® 
FSK slgosL m aeeordaoee wife as. exemplary ^feodimefe ofiho laysstios; aad 
15 Fig. 7 seFernatioaFy illHstratos a jteofead for deeodrag & mariFon© FSK signal, fa 

amfeod/irneBt of fee in^endon* 

An mm$® of an id^fylng device is a s«lf-poworsd oleoma sard (SPG) feat 
20 pmiotms v&xskm mmmmm^km wife & standard PC or M^tes without nsfeg a card 
reader. The wi transmits & Msr Msr^rloata code to a PC, a mobile, or a x&gtMt ph®m> 
snabBag oslme aorlioMioatioB m& phymm presence is online transactions. Of comae, nm> 
eard dewoas f snob as $mm m& pass, may fee prowded as well, Tb® mMm&mkm system 
may be designed to fee mmlesrentod on various compfeer or telephony networks, such as fee 
25 .internet, exttaneto and IVR. systems. - i 

Various cards and card Mated sofiwsrg and hardware wMcfe may be nsefni tor 
carrying oat aod/or using the inversion are dssorrfeed, for example fe 60/278,010, Sled 
March 22, 2001, m/&S3M% SJbi May 10, 2001, 6Q/278 f Q6S s . filed Ms® 22, 2001, 
60/277 5 90d s filed Marofe 22, 2001, US patent application Sled May 12,2000, attorney docket 
30 20257-11, fey applicants Aloo Ammo% et ai, and esffid s ltoysieal Presence digital 
Aotoendoailon SyaierFl PCOTWI0506: -filed on i6-Sep~9F PCT/IL90/00S25 filed on 04- 
Qci-9% FCT/ll#V0O521 Sled on. 01~Oci-99 5 PCT/1B99/021 1 0, Fled en 16-Nov~99 s 
FC17ILOF0075S riled on 14-Aag-OF 09/820,358 Fled Marefe FS, 200 F FCI/IL9 8/00450 
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filed, ob. l&B^m and a PCX isSMos fided on art* date by a^&asat Condense, et al- 
and, ixavsag attorney doeket 10fe02dSfe fee disefesaree- of widen- #tt irnrorporated herein by 
reference. 

The .eased may also support pqpaaa& card legacy systems, msh m magsmie sMtse 
readers. It can fee imptasntefe in example as a steM emdlt e&rd or a banlarard, a 
membership card, or a gift amifloate, m& worScs both on. fee Internet and in the eflline 
wend, AdfedonaSy a wmm&msl smart cardfe eleofeonio «t { fe g, m feeerrome 
ntbrooMp) may be mMfod aa fee SKI 

To nse fee card, m same anfeodiments of fee xQYBO&m, fee cardholder ssireenes a. 
feattoti provided on. fee card,, wfella feolfefeg fee oafd xelstiwdy feosa (a,g, s approximately 3 
msbes tea) to fee front of fee PCs mfer^none. I^wito sands a some fcaoatsMoa of 
a oae-tlme oode to fee device's jMctfcfshoiie, 

Is addition, a s&at software* whldi may be for example a oeamsimioafe^s layer 
exceeded ia a web page, reserves this encrypted &m^ms> code, Tne oomnnanleailoa layer 
relays fee code, ^nailered (or as described below, fee example, encoded aofeox wife data 
added), to a remotely looated Ambemioatioa server for anfeentiosrjon. Cmxent camions of 
fee cleat aofeffis ra fale database program based so:tWsre f which are based o% fen not 
Ibfeted. to , Mlerosoft SQL and Oraels, for example. 

Xho% fee card, in same emlsodfeaems of &» :im'mta s eenwla 3?Ca ox telephones 
hato poffe of sale texrrfemls, anabHog seente fetemet shcffdpgi bsakxag, and irsancial 
aoconnt sendees. 

The a» software may be osmilgmed to isscerYe fee signal of as actwsted ComDot 
card (e.g. ? a oard as described, herefefe laimeh a web browser ami visit a speorfls UlCfe snah 
as feat of die card issaar. 

The card may serve as a user anfeeoheaifen, loyalty and aeeore rrmisaetlen system, 
based aronnd a credit card sized layer of sleefecmfe fetofetrydllds elrsxbtry may be powered, 
by as on~card battery and. astis-ated by a flat switch, erobedded is a standard credit card. 

After -visaing fee Web site of fee mamafeemrer of the card, a corrannmcatias layer 
(embedded In fee Web site for anamyle as sc. ActiveX control or JM plug-in) raay fee cached 
into fee nseds browser. Upon card activation, the commnfecsiion layer reeewee the signal 
from fee cany and aofeenocatss fee card through oorarn erica don wife a sewer mmfeg 
aafeeodcadon software. The information transmitted by fbe card Is received, by a client 
software application, remains on a Adndcws-eonpnatible PC, or as part of a PC-based. 
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telephony Mracilw Voice Reapers |M) or Comp^T®!#toy (611) i^to Other 
txmmmteaskm methods may fee provided feMe&d 

G^o&aEy, ^mfyixxg thai a complete signs! w» r«cafeed s the slient wfgmss* 
spplioatioa $m£& fee received sfeaafe fea a sae^ BXIBs or SiL nstwosk ifek- to too 
5 AMhaifeo^fem Sarvm Jk mm embodiments of fee wssm^a, m decryption of fee 
transmitted signal is psdczmsd on the eikai It be noted feat encryption fey fee cheat 

is a asperate step irem. asing an SSL link, m Ui& p^&mm& m M^m& software nrdts, over 
which different degrees: of control are available and difeni degosss sad types of attacks by 
a hacker for other nmikhoos person) may 150 psrpePralsal 
10 For remold ^th^oatkm, the card's sigsal is ophon&iiy seal to Iks anfeenhe^oa 

mvm -ht example fey the silent soltware or am AottwX costol The server m^mms ms&y$$& . 
Ms mgml, tbm reports to fee card Issuer's or third party's web servor as to whether fee signal 
Isi oueanoa emm &om. a Valid (Le. active oard) or frrvalia gnome* 

In m zxmxptezy- embodiment of tfee ideation, fee msmemaomioa sjsiem envoys 
i. s asips, ooe-tlroe cryptographic codes fox erfeasoed s^enrhy. This o^e-tmie cod© is < 
md moryoted fey the osrfe and remains eimrypted mfei It reaves fee snfeaafe 
serfewsm Optionally* so decryption offee data, which is reesfeax! from the sard, is .': 
In the sofeantfeation ww. 

fc an o;semnfeny amhedfeteat of &e invsniiom when m e-wallef. mm$m& payment 
20 Wofe site or gateway, or other payxsent middle ware is eoafpped wife a software client, fee 
oard aufeesioates oardholdera to feek payment oard ksmars sod e^erohastts, potentially 
redaofeg the profefem of os-Urss ftaad, Boe&ase fee presence of s oard in n-aasaetions tmkbz 
prowm (to some extm% eardholdsa? shop online wkfeoai fear of credit oard feek, 

Ik some embodiments of the feventlorL additions! protection steps may fee taken. For 
25 mmmte* «sfeg a random generator wife feme keys with valo.es aniqae to each device, nsmg 
a CftC for valldatfeg that transferred fefemiafioo fea«s not been changed aod/or different 
soorypkon fenedone and psaado^aifeom nonfeers for each card, 

fa m-mmyiteay eofeodaneat of the invemion, a Datagram stroctare uaed by fee card 
m&y fee as fellows; 
30 ~ Header (est encoded) 
•• Fabiic ID feet encoded) 

- Ibiwte (sceored) ID * Coonter ¥alus Clfeerypted fey BBSS) 
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fa m. ssl m^mv mrnoMmmz of fee feveatiaa, a card is mmmfa®c& m. fefemei 
aasraj the mcmmg : .pxwm&: 

1. Ths m^rm^&mmismihy passing fee Malt«fe bm®xL 

2. The eaah takes a coofear vsiue stored crM, memory amd uses It as a 
seed mlpe feat is BBSS ess^pfefe tkm It tos^% » aoao^ho signal eat^feg m 

3. Th# PCs sofevare reserves the signal and uses fee eofeafeed EDAC packets So msme 
fear fee message «? vmte smhmnoi hm& Mmgm, sM i® mrtm errors if my, If fee 
message is verified fee FC strips off fee EDAC safe sends fee msessage fe fee 
aufeeotieation server wifat It being dwjfSMby fee Kl Tbe m^Umnon system is 
qptio^ly defegaed to work wife a smsm e!iemdse^?er sm^w&micm Imk snsh as 
HXTFs or SSL, la some snfeodbneritsv fee message is feat omnsmitted to a chant site, 
far exa^pla a vmi$m site, where it is optfe$ia% apt decrypted felbec before bavins; 
iaifemmiea optfenslly added opt-osfe erosion applied and being transmitter! to an 
aa&ssitteatiasi server, 

4. The Aufeesfeeahon Sewer Soih^sre reeeiyes fee message and parfbrms a hash Mixtion 
oa it. Toe ofepst of this bash fenetion is compared to a database of hash valaes 
maintained for each earfe is. as es:emp!ary ®ki«st of fee hwmtkm, afey hash ©odes 
ibr fee specified oafe are seaarhad m fee database. This Batare is possible since fee caM 
IB mmiber is also b^ssmltted fee card to fee .AMheMeatlas aeraer, feus allowing 
fee server fe fetfe fee search process to a portion of fee datahass, whfeh eraaasponds to 
fee specific card from wMdh fee aamsmfeslon -was teeefeeh. if fee hash function output 
of fee received message appears to fee database, fes Anfeentieaiion sewer reports to fee 
earn issuer's web server feat fee activated card is 'Valife It fee hash output of fee 
resei^ed earn message does mi appear hi fee database, or has been used fe previous card 
actfeaaon, feea fee server reports feat fee: activated card is *&*s»d'. Ifee hash femnion 
erapfeyed is optiaaaHy a one-way fhuehon feat cannot be reversed fe find fee hhdai tiata 
irama At ao point is this data decrypted, and ah fee hashed data is optionally stored oa a 
read media, poteohaUy prsvenhhg accidental changes to this data. 



In an esnmpkry enfeodmisfe of fee mvenfem, & ms& Is aofeennested on fee 
telephone tisfeg fee fellawisg process: 

1 , A cardlmlaer dials an eoabisd telephony service. As hytemcdve Voice Response and/or 
aqmpmtdt-Tsifsptaj system answers fee cdQ» : and the ©miMter Is prompted to activate 
bis card Tne ellest applieannn (is fels case fee M ssd/or CT! applieafee) r feH&eag fee 
oars trassmkMosv sad optionally ferwsrds It to fee Asfeentieafem Sewer (ox & r&bdot 
mmh wfeere card anfeennesoon Is optionally performed. At fee ssm s telepnony card 
attfeenticshon is optionally performed nsfeg a hasb fisiodos process 



1.0 2. The. authentication servers 'Valid or fevalid 5 kfesli© Is forwarded to fee IVR. sadfec 
CT! sm s wMeh &m fer exanjple, admits sMioMsrs to its Meplio»y system, or 
t^wsste card m+m&w&m, aeeofjding to its Isgfe policies. 

m m eseiBf l^ ^mfeodfeiedit of fee iiwmiloin two different implementations of fee 

15 comisssmsstas l^yor is ptowidsd, however. ofeerimpismeMatiOBs may be nsed as well: 

1. Tray Application: la Ms k%lsmssit^o% fee eornmnmoaifen Isyer is dcvm&aded m$ 
installed by fee usar, typically fe tandem with addMonal ®Mmte prodded by Use card 
jssuesr: (fee ooissmmiestioB layer eonld oven bo oSered as a screen saver), One© 
installed* fee cemmmmosto layer mm M toe baekgrooM, waitfeg lot a signal fern fee 

20 card. This persistently reslnenv ss aiways <ja* implexamtstiori may bo w^JkKmaap*. 

ibr Meetranio loyally 5 ' apphostto, enabling ose-cOicfe UmM access to personalised 
web services. When triggered by the eard s fee persistestly resideBt eonnamfeesoon 
Iay©r2tray application coiaisoi to tbe iierwork, kanclj a bxnwsen go to a specific XHL, 
authenticate entry to fee pcrsosahzed service, and px«seat fee oser wife a personalised 

25 web service in a msrmer feat is bofe convenierd and secure. 

Z, Active X Conine! - Web~page Embedded Version: lb an exenipiary embofement of fee 
invention, fee oonnmmieatios layers is Irmdemeniad m a small size, which allows 
implementation in a Web page embcddaMe, Ibr example, ActiveX or IM-pfogfes 
fermat Ifepleinentatton in Active: X, Netscape PltrgAra or In Java is nsefei for 

SO. embedding fee conmmnicanon layer in web pages for sotornatlo loading to users who 

visit fee egfepped Web she. 
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in ®m B^kmmmmm, a Sm~tmm mst woxM smpif go to & particular card 
web page hi Which Sm cmxmmmmkm kyar m eraoedded, md. feffi astkato -fte dsevfee. 
Ifeasfeby m sonsolons mm decision to 3mmM$&m mmll is reefered. 

Tfee Apfeesti^oji Sm« soikware can fee |nsptoss|sd m a PC system ranking a 
Wm&vws m 4.0 or Mgker ojs^tmg s]ptsca s ;asd Mlcroson SQL server fer Database 

la as exemplary embodfcasnt of fee ntverkaora the card will fee ISO 7$U ana BO 
7SIC) credit m& tmm& s fer exainpk> By Yts& aerified labs. These tests feolnde izman 
i&stmg f imolvmg 1,000 \m8s-. of eaiC His tests also include ^poste. to keat, sold, 
water and acids. 

li an eaempkry aab«*dapmi of ifee iavmlios, fee eard la ssearad physically aod/or 
locally fe order to -pgemsai aossm to Its secured data. 

Logics! security is epfionkly acMewd by encryysiing fee card's 'Secret User J& and 
eoanner Talus nairsg fee BBSS mcryptldfe taakfe^e. The earl's tafelic ID Is trarismittad 
wtthoni eservptiorL 

khysioady fee eie^trofeo adcfet is optionally seouaad by fe placement as ffee middle 
of i^epfefeo layers. The two layers of plastic cm either side of die eken-onks layer, and. fee 
card's laak of external eeameeiars CDnkkatfe a degree of rfeyaical seemlty, .MdllisHtaily; once 
Ike dam k mitten to a card BFM0M, fee read and write rases arc biased, to prevent 
accessing the wiiW^Mm^Qt, 

ZMm^^W^mim frmS) hmm device/card 

In an ene^lary eanbofemem of fee Inventing fias encryption fa fee card k 2 
key BBSS algokfear, Optioaafey each card has two nnlqne keys. Tkese keys are randomly 
generated dnrfeg fee marndkotexing process, for examplg, by a stafisdeally safe, 
generation mechanism. The keys are generated and written directly onto fee card's nom 
OrasaMe memory, and as a seeatitf eauikm are rover stored outside of fee card, la an 
exetpplaty embcdfeasnt of feeis^^Osa ader nsing feese 2-key BBSS and fee kasa fcaotion 
to generate fee bask table no traae of fee two keys exists in: fee Ainfeeadeanoa server. 
Opbonalky fee bash tab la ia generated or fee card and .read ofe dnfeag osanafecmra Tkea 
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wmsw lassss «lg eM wbe ^mr^ |br«uaapl» jisysisally* or fcyp^Mmg -Sis omt 
wi& s. suitable mssmm&s, fee example, to erase the hmk table. 

Qpdondty fee oodes are prepared for parhofesr engftmaffl, &r sasnipln, so each 
cammm can vm Ms codes for wfedadom Optionally; the customer p repares the codes and 



only a hash ls |WfiW so the a^m^c^as server. The customer may than Mad tie cards 
that U mmvm *m. ^fmd. mdm mWx hash valnes mereof. By omvfenxg fee 
cumamsr with. .* dfOfeent hash value, the anm^satlon server can allow the customer to 
pgrfnms hm own vsldsta* without mmpmmMxm the validation at the 



10 Q»^M^^gM«Sig 

In sb wm$m r snm^dlmsht of the Invostkm, the sm& ®m$e® and m®r$f& & 
time code every time the card is ®M?wte&* The encrypted data is, M example, 64 bits in 
loogtfe. and eooudna, for example, two m more ielcte the 'sesret card IB- ami fee Conmer 
vsl&e, Aiber esok aedvation of the &m& the eotnw valae is optionally tessmooto4 s making 

15 each trsasmtto! oohfe emque. Alternately, & same one time coda may he reused, &r 
example^ witbtn 1 irnmne. 

M an exemplary emfeodimsot of fee mvemiom this mmrniabon & mmsmltred not 
encrypted k order ts verity mmlrsasmMed message is complete ana to correct mry error that 
20 »yafe 



The elleets may he advised to use a second motor of aumetdfearion m. tandem with 
the fimi factor token amhemicfekm. The second factor maybe, tor exampfe a Hh%asswoo4 
secret o-nesbon, voice vedfioaifera or other preferred a^meaSio&don methods- 3ft an 
25 exemplary embodiment of the mvm&m feo described niefeod doss not pit limitations on 
the type of second laotor aufeexfeoation teelnfeme feat cas he snmlnyed- 

& an exemplary amhodhnsnt of die invention* the serrer aufesnftcafes & cardholder 
3 0 using a comparison mnchem The hashed version of fee card's encrypted data bit stream is 
searehed fer m the hash database. Opdonslly at bo point is this data decrypted, and all the 
hashed data is a mad only pmveming aeokteatal changes to this data. The comparison 
function is ased to compare the sew eonnto? ebok nember fdetermmea by f he position in fee 
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bash table mat mataf@a, for ex^upld) with the last la»«a csuslgr click tsm&m. Daeisious 
« optionally mad® aeooMmgto fer^t of&i : S®im 



'M m e&amp&ry emfeodhhueut of the !as r s^loit fee sssrvgs" oars smd oMy two messages 
to the vatm* w&rM: Card Valid* or 'Cam %m$k\ this §smm pmmMy pmvmm backers 
&om fejowfeg why the card was sot validated fey fes sereer> mfemabou feat is ofeai 
haiportamifer impto-cfeg attacks -<m fee server, m l^a-^stwotk, seems* vowmti&s&xm» with 
a card, issuer or Irssted tfeird party server, m optfottgliy provides additional 

x&fcn&a&c® as to why & particular card was ssl authenticated, Ik my cm^ whm the card Is 
retried it stay p ass the aufeetfecstkay for &sms$&h$ showing dxat the sojjposei card holder 
hwxt least two onetime correct (w4 opbomally cta«ecaitft$ eode& 



In m msmt&y m^ommmz of the Inventa, the system will eo&gs adrnirash-atioo 
of rmom operation wbiofe may fee m&M wbeo. &mmg cards, for example described 
below. 



lo as exemplary ambodfeamt of His taction* a Cmd issuance process m 
addition so fee dd&vesy of fee cmM to the se?ers s or .mors of fee fdSawiiig op^&tioKs; 

i M&j&m of ®m card details to the database !>g, s basic record anddsr fessh Hat) 

ii Aa^eiatlon of i&e cardholder iJser IB asm the Card ID {tup&amQy psrforrned $mmg 
psr^osatlzstiori.) 

lib Activating die card's fuusbemdiiy. Hits maykvob/e seedhrg aa adedsafe ®mxmm&. 
to the soever {s,g, s urease fee &<s$saM. is offy Alternatively, amomatic activation may 
be performed, for exampkif two consecutive correct hash values are provided, 

M as exemplary embodiment of the mvemiom for card rew^atkm and eascd&g of 
suetrarevoeafem, one or bods of fee following two mssbamsms ate OpfOpaiiy prodded: 
i A Wefe based, macagsst^t fererfaee, wfeefe, arter proper fegfep enables fee 

operatorbasar to revoke cards based oo the card Jib 
it A 'Protocol based maoageraem htterfaee, enabling a cceripater to automatically 

revoke cards msing differeot protocols, as defined and agreed wife a vendor and/or a 

user 



If 



X& m sxempl^y smbo&a^at of fee rsmm^on, ex|feed carda, assnmfeg ibfe new obss 
h&m. feesm issned, will .go through ike revoefeiss process, wMie" In parallel, a new link will be 
ereafed fee tta ID sad its mm card. 2& a&Etkp. to this process, fee record of fee 

5 cards sad ths h$Bh net ®m opboBSlly baefcsd np in case die hseiknps are not in die same 
place). However* in an ®zms$M$ ®s&o#s«£ of fee weii®, so baoMng ap k perlbrraed, 
as the hash list is generally static, 
Mamrifereafeig 

Manib%eturfeg is t^featiy fee -&st pws in die cafe life span, 
10 fe m exerr^iary enfeodlment of fee fes^tkan bw card Is m one of fee 

prnprielra-y manufeoiarfeg tnes, fessted within a Vlsa-eerriiied. feeibty. hi an exerajdary 
enihodimeni of the hiwenhsn, a drssitry modnle m pmgmmmsd^m& the ssimtifacdirer-Bjta f 
to be nsed Mar as &c a^s&c*ys^IO and Basr^ied Data. The dssmifey then goes ifeongh 
Ismfeabon and graphics, Jbr oxssspk, ^i;«3^m or hot i&tnlnabos. Thainagnedo stripe 
IS (a^d/or &wt,<wi mo®m) is m$.%® card is r^dy for personabsarion, ,&&m^v*&% 

tic cars! may be personalised anfc wsiwm W generated, prior to tamfeafea 

1b as ex^pl8^.^oto^,of^ %v^<^ according to fee dweebon, one of two 
aathsaricMIon sebemes is used, According to a first scbsrne ; a cornier is embedded mMxk 

20 fee Self-Pnwered Card (SFC) and is nscd as a basis for generating a rarakan nnasber* The 
SFC also comprises a bnfesm si&fe feat each tsas» fee hv$$m. Is pressed (Le, fee card is 
'cricked'), bhe coufeers -valise iwmmi* and sjsw random irafeber is generated m& 
fesasrfelted to fee aobfe^eanon server along wife tbe rest of fee data. 

tjpm reoefefeg fee SPO's data at fee amberdioafem server, a pa£&m of fee data is 

2S basked. Since each SFC asbvatkm generates a new m$$am cumber, a new hash nrefeer is 
generated at fee server, ta'oostaa to fee new eonfeers valas. Koowipg fee mfe by nabob 
fee comrteris vafee increases allows ealeniabng fe ESl fc oom^erfe values, fe an 
exemplary embodkuent of fee haverdlon, a set of, fox example, 1 0,600 dor any odder nnnfeet) 
of pseudo-random narkbers is calculated, and the resulting numbers are bashed md stored la 

3d a database cnrhalned br the MnAsnbeatloa. server, for example prior to fee Srst card use, fe 
an exemplary enibedimeat of die fe^entiem feere is no aesd for fee server to ealcnlate. store 
or to use fe any way, fee original sosraer -vafees. These raiaes are only gonsretod ones in fee 
card fee. wben a card la THokecb; oae new vfeuafeumber for each cikb) for f airier 

20 



gensrmssg fee random ■wmfo&ts. In. fee Aulk&mo&Ums.. pi^ eaek ufeaae hash somber 
rtokecis g speeMe ■■&&& ^M«k* rate tias ike mim mmimH m m> iy^aibre s cs^mMv^ 
hmh'm&$m$ m fee «pk mrleet aokseetoi^e eato. felmkk i^. 

ha as exemplary embodiment of the Irsa^oty %$-Armm$m£m pss&em iimM w 
earned ok according to toss feltowiag merkodr fee mmzzmsivm a ma&mn code 4M& fema 
fee BBC. At lesto a pmkmi of fek data 'Is basked, ass! toe restokog hash mtm m searehed for 
to the servers database. If ite is a matehtog amriber m the database, the eormsr»eaidmg 
SPC's ^cick 5 smiBbsr ia compared aplnst fee latokwwn kfeck' nmnfeext is. fee last time 
feis SPC was afeheMeaiod If the ssw toifebar to equal ox less fkaa fee last totsws 

'cf ek 5 HJMsfeer, the SPC m considered to be hM& & ibis esse Ike anfeerabeadorr server 
May hold aay eesalrmakos of fem^aokoKS *tsfeg las elaciiomo eard, or tafeairy ofeec aekem 
aadf rsqoked, A reasonable namber ®f 'htwks- parfene period may he allowed. For eaaoopfe 
ssi average ^set may use fee card tor wahasmg oomraodikes, show fee card to Ms Mmds, 
asd elrek os the hutom tralssmsMOy, For example, & card may he allowed Be more Stars 
200 clicks pm day; Beoee f by keeping track of Ike click ara&ftr sad/or its Mstory, 
mtemonm® kmrements feat may be m fefeaakoo of a proklemabe SPC S ean he detected or 
iderafeied as arbfecto For example, a SPC user okoks Ms card, md fee Aittkmikatfoa server 
feterpreia fee rscelved data, as 'okek nsanbsr 12% If, however, at fee aante day Ike server 
receives saaofeer data bat Itosrprets it as { e!kfe mariber 220% the Aoaiieorieakma server 
kemetobenf ibis click msmhzt (is. 220) Jtod; m&y decide to invalidate too card for fills' 
$todfiB tmm&ikm.. Kcwmm if later fes sewer reedtsss fern the same card a data that 
reflects a dkfc rarnfeer of 221, fee card m&y be considered to be varki Later on receiving 
chek mmfeor 20, may he mdioative of a real seeariry problem. Opkcsalhy fee card (and 
server) uses- a dlffereto set of hash aaashera tor each day, 

Aoeordtog to a second eaem|dary Attomtoctoios scheme, a set of raadopi mtrohers is 
geaerated, ksshed. ataa stored kofe m fee oaxd asd ha fee A^efeiaakoai aarver. Opiiosially, mo 
trace of fee way by wbiok feis set of mashers Is generated eacisto aarawfeere- to the systora after 
ecniy]elto.g toe saxchers gerieradaa process. For exgxnplej fee set may be geaerated by 
sidpphag some mrnahers ha a series, for example, every other rxamher, or using a raodom 
gamp* 

to an ex emplary embodiment of fee mveokom saok time a card is khcfcedk a pototor 
dxao ? : a dae nest raodom a amber from dre table, wbiok is trsnsakttea to the Aufestoi cation 
semer. The server then searehes for a matemng hash oatober in Its own table, ha order to koto 
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m cmrmp&Mmg oilers B^uhea after wM&fe. it required. aeiio% Iter tsmm$t% 

mmg smm way as desaribed is the fust Atebaedoatiori sohetue 

Optiomlly; $m mxA W «aii&bar is &e Mais table k used to m&nm the searsMag time 
m the hash table. Alternatively or & rebhteioa & time is providsd by 

5 mwwmg old, a«d/or s wastesh hash vafees ferns the hash table, a, wastsd hash smskr 
is a hash zmtmm thai relates to (or is s s^tmrnMivs of) iuse disks; ibr s^mpl^ v&mevex 
a card is clicked wfboui its immmmim bm^ received &r&» Ambmm^km sarver (e.g.. 
aeoMmM oleksy 

gesMii&' Oae possible purpose of the security is to allow &e umw of a devise to earry 
1 0 traaaaohoss m a secure maorser* e.g.* 10 easure that ffee owser, m& m$y &e ws«, will 

a traosacuora & tm ese^splary stsbodasaeur. of the iuver^csu aoktevbag &k o%|eoi k pwisM 
by oiss or mors of: 

(a) Frevssstkat of exast dsf>lieasasg of m ^mmm mxd; 

(b) JWsatiea of dapJloathag the operation logk of m eleeiroate ear d; 

is (c) Bnoryptiag inforraabon behig referred between fee eleclsofee esM aud the 



(d) Sjmmg ^erypted iumrmata at the anfeear&absa server md & refetemse 
iufetmatioe at lbs oie^upuie card. 

Ths. msmmMmtim scheme desarlbad herobs allows jsesvsaisg & t^Uy adaek. 
20 However, replay attack & not the only security oousideratba. Optionally, om or both of the 
fMiowMg issues is dealt with m accordance with mi sxsmplary embodlmsM of fe e invention: 

(a) The miegtity of fee deferred miration between the electronic card and the 




at the a^tbeMieato server's side; 



According to several ^fcodkassts of tho hweotlosi, the deviee/aard is used Ja 
$b as exemplary ' embodimem of &e !n^entlon s there k a desire to 
prevent the risk of a . badker trying to pretend being a web mesofcant by copying a merstet's 
web site, ha other words, a haeker may be able to *get in the middle' between a legitimate 
30 user wd a mercbast, thus becoming as Msmis&fete, or by pretoeding to be a real merchant 
and receive payment whheat providing goods, be sueb cases, the backer may, fer example, 
scad the aser a message, pretending to bo a geaahm merchant, urglngAerrmtiug tb;e user to 
reply. A legitimate user would mt be able to tell whether Ire responds to &e geoulue 
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nmdbm. orto fee backer, m&m hrnhmmmt^M^mU^ of isai fact by teceptmg aad 
ahaslveby exploiting Iks dMs a&e&a&gpd hMw®m0m nser m& fee gmmm wm&msL 

lit m exemplary mxis&immi im immmm in order to mmmi both cM&bsMas 
md web meeeharda (mid other XSB& a mesial mmms is nsed. m mskmmkm with m ActiveX 
5 pmml The ActiveX control Is a generic sorters ekmeto; s^feesiMsd in most of todays 
hmwszm, Wtmm^ m Mm®£ tm? mm a wsfc site far fee mst fas, m htm® page may 
promp! fks user a retpest to download as AodveX m&> sfbst which n rmxsms m &m mw*s 
PC. TH& .m may m kmm mmm pmms^m rngarfecg the parhotoar web page. If tie to 
enters a&olhsr ;<wab pm% fee mm doss apt haw to load fee Aettve X agai% ami the airnady 

10 listing MwX dynamically changes Its WaHtiM* to ©ompiy wife fee ;isw wels page. 

In M §&fetopla|y' eafeodlmem of fee im^sstiom a merchant must a&qmre at least esse 
of two cer^cstm k asi to allow bm. to seeisXty itoeraet with, ofear pm&m by nrnztg 
Stosmea These certlfioates may be issued, for example, by a GemSoatton Anfeoiity (CA) or 
b y fee ASP liaeba The first c®mmc is referred to as toe <a&mi cs^Mzm!\ This oerbXeato 

15 i$ osed by toe Atobsmioatioxi Service Provider (ASP) to verify toe merchant, The second 
cerfeSetoe is referred to as ft© < servsr eeriMeate% and ft. Is as@& to a legitimate Memet 
user. 

In as exemplary enfeodimenl of the iwm^m^ whenever a cam aattatlcatioa to 
Tsstomto too card la activated so that a data stream to trassnxhded iroor the card and received 
20 at fee user's MX Assmmg that the AchXeX is operable, it receives fee Umtamissftn ami 
modfees it mxw®s% *» Sjs tohowmg process* at fee user cornputor andfet at a merehtoit 
eoiopoter: 

1 . toe ActiveX optionally adds fee tomato's digital sigmfnre (i.e. the merchant Sserver 
ceetihcato ! ) to fee received data. This operation does sot alter fee oXgfeal hata 

25 rm?alvsd iront the card: 

2, fee ActiveX optiooaily, aitomadvely or adfebcmlly afilhatos the speeile web page 
parameters into the above signed data; 

A fee ActiveX opdon&IJy, alternatively or additionally encrypts the resnltfeg data by 
using fee merehato's public key: and: 
30 4 - & e enarypied data to titan forwarded from fee merehant to the ASF, Tito ASF 

decrypts fee data who ha own phvate hey ? aed fee signed (by fee merehant) data is 
etoraeted. The oonnnaxdeadon cbanoel betweeo. fee merchant artd the ASF is seonred, 
since itis- crofed.o*4,by ^iag •tb^SSi, p®etoc0l aad PKx toehniqne, 
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Opiossl^ m ASP sbe (is. snfeenbcafeos sww) bas a 1st of a!! mmZmm* 
certificates sad &®m sigsates, sod teS^llMtwD key elements; be. a digital signatom 
asm a csrtifioata belosgmg to fee same meK&amt is necessary to meaato a ted, Howrar, 
sferee it Is tasst impossible to steal feese two eletoetos, etois&oed security rsay result, the 
S dam, wfeieb h m®mM®& %om tb# eard, la seenred since the dam from a legMmafe issar: 
bears the MP irnprfefe as is carded oat by the ActiveX m fee m®?M PC. A backer 
iMemssgt a dtoa «ant to al«#tlmato us^r, However, fee hmkm: oa^ot eiga toe intepied 
data wife fee proper signature. Therefore, wfeesever fee ASP receives a data to$i^uhaaion 
iroafe&o&er, thfejfctai* mostlike^fe lis^aMss sigBatoro, ^^^teisi^iored. 

1.0 Altemtorvely or additionally, a special attribute is afeled to fee ActiveX to sncfe a 

way, that vdiansvera user makes m attempt to load m AetlfeX esferol* 13m AstfeeX oostool 
msmhm* while on runfene, for fee special atofente. If sncfe as afedfetoe is sot :feas4 toe 
AatveX oosttoi. wil toss o& mmw&<®&$ s o&erwise toe ActiveX eofeaol is ready to 
mdyz® mmmmg mgrnls md take Ww *® :reoifesfe Possibly* fee special atofenfe 

15 may fey the ABtostoieatiori Service Provider <ASF) to each a^orM mmhmZ. 

AJtersafeveto or addMonaily, toe feilowfeg method is fef example for 

mcreasfeg fenmufety to lookers. Eaefe menmant assigns a special mmfeer to eaefe user on a 
session hams; imw&y whenever a ear<feo!der etoers toe m®f&mf$ web page, ifee merchant 
assigas fee earn sssr a random ^one-fenm' mmSm:. "Opes setting fee card, toe ActiveX 

20 eexttotois activated and fee special number is added to toe card's data aM lasBobsd to fee 
mem&antfe web server, where it is compared with tbe original riBmber seM by fee merofeant. 
If several ssers eater fee same metohanfs web page essetoialy at fee same lime, oaeh one of 
feem is mm. a feffemto agte, and if a user exlls and restore toe web page, be is given a 
number feat feffem fe>m fee previous number be had. Sending one-time nnmfeem, snd 

25 receiving feem as a feedback, may ensure to fee merchant that fee eser fe refeJy who he says 
he is. The card may fee signed fey toe ActfeeX ooBtrol using toe merchants code and/or using 
too sard. 

.to an exemplaty embodiment of the mventian, one or more of fee feliowmg 
3D datsfeases are provided tor atohendcatios, for exampie, at fee server; 

L MAIN TABLE - as is cspiaiped eisev?bers to toe text, virile carryio.g eat fee 
sg pbaae cf toe carfe a set of for exanmia 10,000 basbed cedes is generated, 
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enob eode tmt^mtmg Ss baoadelie m& m he nnnsnboed born & mmmc cm€ The 

whole set of bash ooMsmbw Is mm&.m-$m table. Tktm&m belob of the table are; 

LI HASH: CODES - dns ikM holds loo gmsasm. ICtSOO (m ws^ or kss) bash 

B¥ery brae & sard k passed, its 'onebirae 5 eode Is reoeiwed ra ibe Au%mUmiim 
server, m& its fe&d resaJi is saarohed lor w Ms i&Me. 

1-2 WBUC: CARD ID - m optional bleb stores & ID (m ^mw&vmy & 

t&gm&mmimmbsT} dm is reoewed from die oard rai-era^ted- It should be noted 
that there saw bo a sbuaboaa where the mmhm of dm! cards Is large, is 

which ease two ass$B imy traasxmt exaedy the same traasob&slow Howevor, it k 
mpsstsi tt*s£ the sard IDs will remain ntaqm Atm&tsm&f or allemabvoly- feis ID 
issrobsr may he nsed to wmm&m the tbm. mqmmd to Sad a hash eode/fnnnber m 
this table, 

1.3 COXM££R VALUE •- this optional Meld holds fee ejected fetoro counter click's 
tnsmfeer of a speoific ossrL In order to allow eomparhig between two cosseenbve data 
recoiled, from fee oard.. 

2- CmbJBX TABLE ~ this optional tsMe baa one or morfe rows lor eaoh oareL Tko raaba 
boMsofthotsblesro: 

2.1 CAEB IB - tab optional Held represents the card's uoiooe Ed or registration 
irntnhar in. fee systeta. 

2-2 TIME — ■ this, opbona! ibid oontalos die bn^stsrap of the last AnlbentleaMos aberaot 



2.3 STAHSTIGS : - tbis opbona! field holds fee nsnolssr of Amherniosbon atterapts and 
the mnnbat of rabnres .and/or other siabsbes, 

2.4 LAST COlEfEEE VALUE - this opbonal field noMa the last oomfer ^alue for 
whielr the Aothsnbeaboo soeoeedsd 

2-5 LAST RESULT - this optional Held holds an error eodo of the last Aorbenbeabori 

abempd or-zsm iftto IsstAii^gs^tiob.%^ successful 
•2-6 STATOS - fbia options! Sold eoniams tie stares of foe card, for enaniple: 
ALEE; 




"ExpbsdA 

"'Mot Initklked"? and. 

"l^tnporarily Looked" - this state may be initialed alter asaaoessioa of 



erroneous Antbenboatioo atteorpts withia a gweir period of blaba 
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3, USEE TABLB - Mb ®p£mt& iM® mnWsixB one m msm rows fm mtk ®mi »ot 
(which may or sMy not fee fee same mvm&m% The msia fields ofihe tabte a*s; 

3.1 €&1B ID ~ tfsk optional &sH M as dtovfe. 

3.2 "DEEP. IB - f Ms opdoosl MM. mmsm. a nser EX sack as a srs#t earn p^. 

5 33 Prbmte Iterate Mnmber (HM) VALUE ~ this optional Eek! appear ia olesr 

fet or m hashed ftea. TMs nn^aber is sat xiso^garfly isslsdec! m fee card and. 
i^ My te oo role is &» ohms AutoMs^oB pmeM^ iMs n^baris 
similar to & *m wm^m 

3 A User Denned mm (UDF) - tee optional fields (fe esaag&s 10 holds bot oaher 
10 mmsbers are possible- too) $sx-xemvQ& t* each card, nsemss&e£» wiaeh may decide 

to III fast m% imzkm dala, mzk as saxd's Imhfer feanfc account msmber, address, 
tole^atae nmnbex, allowed sredit evo. Bach £k3d may oonbahv mr example a 

4, 1,06 TABLB - tbis optional table lists every AlgBtoBM&w jftsectt* (or mm® oafcr 
1.5 Silnres sod the last success), Bway Aotdeotisalion atfemg* adds a new reeooi to M& 

table, so matter what km® or camhoMer fe terofcrtd. Some possible fields for. 

diiat^ksaw; 

4.1 lD™opti©M4a.n^ 

20 4,3 CARD ID - optieoab If the card ID is-«ot £>ns4 a psffl value is retard. 

4,4 COIJNTEB. ■-- ootionaL. oonnisr of eard for which m AMhenncaiion stieaopt was 

pg^jmsl. If sosh a counter is not fbuxah a generic ^aMe Is #mte& 
43 KBSBET ~ optional, this &pU covins the rsaabs of me Anl&erihcaEon attempts, 
4.6 USER NAME - optiooal, stored b*s» if it was pravlded by the service provider. 
25 4,7 USER IF ABD&ESS - optional, sted hare if it was prodded by the sendee 

provider . 

5V LOG TABLE - this optional table contains inflation aboot card 

management operations petfotmed f is Web-site management tools. Soma possible fields 
fbrtMstebleatat 
3 0 5. 1 IB - optional, miobbat idenhfy&g the log entry. 

5.2 OP CODE •••• optional operation eode f: snob as ^Suspend CardA ACbange and Card 
Password". 
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we mmwm vemimmtM 

53 OF VALUH ■- o&hm&, &eOTJf of She #eradan (OF CODE), 

As was $®mih®4 herein, mm e^roplary emfeodlmeot of tfee InOTtiom. vrAenever 
IrmtBM i^mBmti&n is carried oct, a card mmm-' <im mt be s& that the dBasa.edoo code 
gives fey Msrctest and the authsmfected card relate to ea# otfe. Since a wafe site k 
ot>It§4, whether sss«rcfeasf 9 or tits card wkm**, && pmH&m cm U tm feo&slly solved 
by wm$- a proper Actt^eX fife which may melnde varioras psimels Mafeg to the 
sad/or to ifes traxasaotieri aM/qr the lai^ mzk as PC's IF address, tksastop, 
smorrxii of Ormaaeikm, TML m&im mgaatum 

Is sOTie &&bo0m&m ®f fee tonta, a a^Mo^ mny fee used in virions 
a^lsMioas, fey txsfng the same escaped data generated fey the card. The right application is 
seieeiee eeos^lrig to the hash Ihso&m apphed fey the eorr^spos^mg Aiilfee^cadon semar. 
For example, lets assmne rind therein a 2- ap|*e^es card, wfeeeew ibis qw&.imwa&B its 
data, to a sp^arle Aidherdicador server, dtls server arnnies its emetic feash fhsefe to 
Application the card* Staid the Asw tmmM Ms card data to the second. Arrmenfeeafeon 
server, anodcer feasli $mc$a& k to generate a different hash mmiber. The dfeSrmg 

hash tfexardons md/m ote associated iafajatloA may fee added, for example, by the vendor 
or by a .snbsidh^y aa:tiendoator ^Ms& may use tfee ASF for providdsg some aot3x«ndcaAors. 
serAoes, 

Fig. 1 admmatittally Mmmzm a process for aameMieabng a SPG, according to mm 
embodJms&t of the imTe&Mort A sard 100 dansamts a counter vaiaa 10 ami a eatd-IB 20 over 
a cormeefcn 30 f to as axdfeentieadoB server 200^ vmere tire card ID is used to lo clasp m a 
table 40, Opfloaally, eomrecAcn 30 is encoded, .Cor immpte nsbog the cards one feme code, 

Mg. 2 sefeeanafeoadFy illustrates an anfeettocafeon acAenre of a device, according to 
another prelferrsd embodiment of the mymto. ; M tMs ^^isssal* a further security is 
P« fe F employing a seooriry P2 PAg,, a fey) 50, at Ore card, for example one which. Is a 
pafelie loey of mdbcrdlcadoai server 200. Tire data may fee feaahed, as iascdhsd afe : ove md 
med to Icehirp in a haafe table 4%. tor mmpU memmng to caxd-H3. 

Fig. 3 aehematlcaOy illnstrates an. arrdaemicadoo situatidtij wherein as arttfeepfeation 
service prouder 35 (ASP) araAeinlcates a oaer 300:31 (i.e. potential buyer) before carrying 
oat an Fatemsr darsaaetion with; a rnerebant 36 ? in aceordanee with an exemplary erabodimeril 
of the m^ndoo. By osdig Ma FC 33, the nser 300 esters fere merohanFv wefe page 3d. 
Bnlerlng the merchard's web page 3d for the first feme prompts the riser to download a. copy 
of the gersedo ActiveX control 37A to the m®£ f s FC 373, If die eardfeclder wisfees to carry 
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out a. fransacdom t» presses Ms card 3I S wMeh m mmlmmsiim fee t^&mmded <£Ms to 
Use PC 33 fey- irnmMm. 32. ia an w#l^ embodiment of m immmmL iU 
AobwfX control on,the FC 33 lias tfee cEpalsiilty to Identify the imsm^d signal 33; e.g. fey 
deteetmg its ii^oesaeys tmm^^m,^m$mh- ebeelesnns bytes or any eotafeia^on of these 
5 attributes* If fee tra&sssss$£©d signal is considered to fee valid, tfee Aciw&HC control optionally 
digitally signs the card's data wife the ««rstor is^fe server's oargfiesfc*, Tfee Afii$w3£ 
mmmi optionally adds, to the ogaedMi* the sp^ife woo page parameter md optionally 
too resetting data by osfeag fee ASFVpnble bey (or a ptblk bey siting to the 
mss^mm. fe ftatfeer vorlfioatloo fey toe ASP). The ■mssypbsZ signal 32 s Is feen sent to fee 

IP reerchaofs web Bmvm-M, Tbe merchant optionally adds Ms pnbfeo fey 36A and fewards 
the data to fee ASP 35 ©pMo&aily nsfeg fee Secure Sockets Layer <$S&) Potest, wMsfe Is a 
protocol the managing the seonricy of & message traosnussiori on the fetesssb 

hx an exemplary efebod&aest of the In^satloa, fee ASF owns the AufeeraSoatlon 
Sems; wMofe opfenoaby performs one or both of two pnssolpd bssfes s one of wincfe Is to 

IS verify tfee mercfearA and the seeondls to aofeenilcaie fee card itself Yerltyfeg the merchant 
and fee Beer is slnmltaneonsly earned ont % the ASF by «oaf©ag fee renewed mm&mm 
server's oeroSeaie to the ASP ! s bat. If the ASF feds it m Ms Hat (or Being a bash thereof 
compares it to a suitable list), it fefeomes that the meufeimt is really who be says be is (e,g„ if 
the ASP Mmseif gave the csrtiEsste to fe&mrttet}. On the other hm& since the menfeani 

20 certificate was added to fee aser's data in the ns-er s FC S It also mdioatcs that lie user Is really 
wim be says he bis, and fee card antoenlicathm may be earned ont. 

In as msmpk^y etobodnasst of tfee mvention, fee ActiveX 37 A has an inaporisnt role 
in fee above-meotumed process, since b collects details front one ot feofe of fee merebafe 
web page 3d and the osecT PC (33), and digitally signs it with a server 30 certificate 36B of 

25 the mmixmi twlbcfe was provided to fefei by fee ASF). Tfee ActiveX also ensrypts Ibis data 
by using fee public bay of me ASP. 

big. 4A: illustrates an Anfeentieation scheme, m accordance wife an exemplary 
embodiment of fee invention. When fee card is maonfactnred, a psoado~ra«dom numbers 
generator {tM0> generates at hmk fee secret card's ID xaxmher 42, fee initial counter vafeie 

30 41 and a. 2-ley TfPBS #3} t The 24cey T-DES is nsed to generate a random raafeher, from fee 
latter two types of data, each lime the card is activated (i.e. Ticked*). Tfee 2-key T-DES is 
optionally pesmasmtly stated MsiiSe fes card. Anofeet mecbafesm is opbonally stored inslds 
fee card, of wbleb . purpose is to cbange the comder ?3ms 41 escb tbne fee card is eiiebed. 
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Smm the imblm card ID 44 iypioally ssst plhy my mmm the Ax&^mi&m&n im>om* ft 
if added to the- immx^t&i. signal 46 after ii^ gs^srsilss of t& rarihmn Ssfs X f (45). It 
should fee noted thai the 2&b& T~OES Is only ah optkm to generate the random ntamheis m 
the oani $se& other pseudorandom generators isay he assd Instead^ 
5 Since eacij Omission 46 m>m the card pMds a progressively highor eonmer vslne, 

a new date 4S is gsnen^h ^hich is a t«tet|m of the mmst card. ID 42 m& the 

««i8f« **?»» 41, lowing the role by wMeh the &cmtes?s rsbm changes, as. arfehfary- 
sked set sf fetors mbmhs^s cm be anticipated. In am exemplary enihadfrnssl of the Invenfen, 
fee card is expected to withstand at 'feast X0 S 9M ^assesmrssses, a set of 10,000 random 

10 mtoahers jus hashed and atored m a database 50 or 40 (wiheh is nphsnaliy contained m the 
AMheniks&sn server), 

uph.onaOyv whenever £ae eard is choked, the card's ceax4sr value increases seesrdms 
to -Ute pa#sfeed Me> Tim im&mmd mmi^ft'Mm 41 fe# c&rd% IB imbiber 42 
&rs to ganerat^ a B^om riiimb^ by applymg the card's fetmsal two i^sdemsBd keys 43 

15 (I-BBS), llie miite. nsnsber 45 is t^mimiitM, along wife fe ? ife card ID 44, to the 

Optioxidly, "vgxm /ttso^^g : ^tm^mU^ dm.Mrimm oatd, fee A^fea^ostion 
server eraots fee pfelle eaM ID (47). asKl gps^&tefe fern the remaifersg data (X^) 
B-umb^r 4S ( ^ ), and fee M Mil ■.dsSsb^^lts ao&mn 49 

20 oftaMe -50, 

In an ^axnplary embodiment of the m^sSoQ t fee rows fee &&§h table are arrangod 
according to fee ong&ial coi^xfe values % namely -fee fesirow of fee table croMns ma !m?feed 
p^ib^ SO: yl w&h iipr^ss fee miti&I eoimter^s ralae* the second row tspsssessfs fee 
second couBtef 'i? value sad. so cat 

25 Optionally, the Aiifbentfcatlom pmoefexre is ktsed on fee dmmiet oBcfc immfeer (see 

table; 50), If fee oard is oliefesd fe fea iSst t^ its eoimters Talue k expected to be fee 
fettial random v&hxz m was set during fee maai^faetming process of fee card. Upon recdviag 
feetraasmitted dam 46 &am fee eard, the AufeeiMoatlo^ server applies the hash ffeiotioB 48 
on this data to yield the first hash mmrhet yl (4£A), Sfeoe yl presents fee ongmal first 

3D eomiter vafee, it is expected to be fbaod m fee first row in taMe 50, wbieh eorrespaods to 
coimter diek nmtfeer 1 (gee tabM: 501 If yl is not :fem.d fe tsbk -.SO or is -not f board fe e lo w 
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. row rmmbet, whisk esn far e^mle m-e~defeseb est a pvprn® of ise ssan wfeefe may fee 
M.mm&pte-lemmi. by system. Hi© card Is assist to be Capites.. 

Wlten the Aafeembcatfen aqfrar xe&fcm- the second ixansnmsion 46 fc$sx fee eato, 
fee ssrwsr hashes 48 the dam X t <T desstes the eanl's elolc mimlssr) to yield aaofeer bash 
S valnd 48: j„ after wltom M m saarstefe for la table 50, It k takes iste amomxi feat a. 
mmm®?. mmixt mistaiosfey sgpsms im card seveife times between each two trsmsaeiom, 
bad neverbrsless, feare is still a logical limit to smb. wtifksM so^eeses, A deeislonmsaMsg 
algorithm, relatksg to this logics! mtfe, may tabe fete sooonat dtSfcxeot coBsMemtfotto. 
Ifeefte-e, If &g seeoad s^eeh^ dam yields a bash mmsber like y8 s wifefe. xsfmssmts oomtoa- 
10 click nntrfeer 8 5 It might be ear^idered a viable trsnsmissbm of a legitimate card. If s 
however. Hie seaond rscafeed data yields a bash vase Uke ylSS <49B), the cam, &® which 
Ibis data was traaarailtefe may be eaasidersd iliepihmbe, or ©fear decision may be t$km. 

Tim Atfexafeieaifen ptoceto optiosaily MMes, fe^afem, to tie dliierenee between 

15 hy^mmt^dMkmmh^ 

In as exeaapiaty embodiment of the fe^erfeoxa the Aatearrfesabos. pweedarss 
repeats itself e^ery tbae fee Asttetleatlos server reaelves a tearrdtted dMa, Each reeeteaa 
data is besl^efe seamhed for irs fee basb t^sis and fee srarespomtfeg caara^r click ssaafeer m 
compared agafest His last teow« cfemter ebok xamaber. 

2b rig, 4B illustrates a seeerah ahemafxve, possible Amti«^^oji, S8i«3S, Wbea fee 

earn is mamrfeetotefe a set 52 of pseudo-mnatem xsmibers is germaled* for eseampH by 
ashm a key 5.1 aad hashed, The haab raambers are stored both fe fee cafe aad hi fee server 50. 
Ateroatwely, origfeal rmmbera may be stored m one or bofe locations. Ths mate members 
geaarteorfecy 51 may be say geaer&tor Mows fe fee art. After compfetfeg fee process of 

25 geBsraifeg, hashing and storing fee bask wm&m*. fee bey is discarded. Wbenevex a card is 
elokes, pointer 49C points to fee {sew) eaasectotos hash ntanban which is to be transmitted 
ixom the card, to the server, eaeb reserved bash amrfesr (yl ? y2 s etc.) Is sesrobed for fe table 
50, aad if it is toarsd ? fee corsesponafeg eoaa ter ebok raaaber is dbtatorlned, 

The .Anfeeabsatlors. process is eotoinued fee same way as to fee first scheme; namely 

30 by comparing tbe eonatsr obebs of copseabtive recepttoas trora a card. 

In some aafeofemeats of fee m>-mtia^ iaformahon Is tmasnatted from fee 
aafeetoicabofeidetolffesbou device over fee telephony system. The telepboay system is 
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micmy dmismd to 4*fer ttdfa signals and to high aro lilted, and 

therefore irsnsnils^n of Mmtoio gigBBls is carnally acceptable over the 'regular telsrmony 
system. Tim v some signal is wmzsd in iplp^my m^hmmtmQm. A same card may be 
need to tmz&nt simvtlmmwty both mmm md mm®mc sigsaia. Mora parlictttarfy, in m 
®&mpl®zy msbommmt of % fevemiom the infeaiabkns is transmitted utSEafog Fzpqumcy 
Sbbh Keying of soma signals (k«m after will be reffesd to sa mmtbone fSK), 

M ^SK h dilxamst dm symbols am nmreserbed by & drerott fraqpandes 

eaefe symbol is assigned a fnedafeied fitt&eacy), so feat fee dettx&tg of mch. a 
transmission. Is carried out by roodmabing data symbols tsfi&smg 'tawsmsawm of signals of 
predefined frequonciss. According to no exemplary emfeodbsem of lie kveanaon fbor 
fteqnssoies FCL FX s P2, and F3, are rmsM fca me mMiStope signal 

Pig. SA scbomadcalfy lllnsfenas me sttnemre of tie mtbbbane FSK. signal, asoordkm 
to an exemplary embodmiom of tie invention. The irwm&smm starts will a deieerlma 
psgmbfe comprisleg two frequeocles IhTtt/TO and Fl-l/T! pwv .soxtxKJids, however; 
other vm» ferns, for example ore-filtered, may be nsed instead). The first part of the 
detection preamble eomjmse a signal of ttaqnsraay FO over ao bctervai ofnb*Tb secombr and 
me second pari of the detention press* comprise & signal of frequerasy Fl over as baterval 
of rsl^Tbj where ml and nl are imagers snb Ibis the duration msceonda of s symbol, celled 
the symbol mtarral, The oa-eq^cy s-qneBoe ublbsea for detection may be comprised from 
nny mrnaber of p^defmsd ireqaendas, for ^ample !: frsm bbe set of &u$usos£ds ubdmad for 
FSH eeoohang. The detection preamble is ophonaby followed by a synchronirndon sequence 
and then fey the eneoded data, Qtber orders asdbox signal parts may be provided, for example, 
an error correetlon section. 

The process of signal defesbeai ana encoding is Mtistmted In j% 6 S in a fnrm of a 
bo* chart. The Bxlben amrsrhnn & ^M^M*)}. of hhe signal *K.i^ve&M 610ms 
nbbsea fa 600 to obtain the complect snalybeal represemattoxt 4 " A of to rscd , ?sd 

signal, ..the complex analytic representation ^ j s used beeanse mvier this model, 

mxmmAdk, wbicfe are fhncdoss wttb bnae varying aoiplitobes, b acorn e complex exponentials 
of anit magnitude. Sinusoidal signals eonelated with each ether with an unknown delay can 
yield a aero oabpvt even when .the ttvo are of fee same freqnsncy. This can be seen nem the 
following 
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Hf<Mf £ H 

For the complex analytic r^reB^aboB, bowever, ^ fee 

So diattbis feroa of eccteiaboB detection M less Thhserafeie to the delsy mca^^lfe^twssp the 
ootTelaisd endows ^ or the totiqs of&e eas^afa a^b s w&ik allowing oifear signals to 
be detected, Bcaaewa^ m mete ummmmim dm&m wm&mg expected 

edhoes msSm Mqumsy 6ssm^mt srtifecis sad delays with signal p^atkg fcs^ware, 

10 mk ft tmdsorXmay be deskahle. In addition the tradeoff -may eSow & loss OT^^os^ly 
iMssslvo dstssta method to be need, so tfeal the PC may be uses as a detector* miser tat a 
dedicated m®. Such a tmdmEmm also be desirabfe m other prx^b^saile sitofes, fer 
example, detecting RF signals transited fey sssdi a feaodlasld card asd detecting ultrasorbo 
sis&ais immmtte& fey the m^.m& received by aiKss-dsdlestod smerof booe, 

IS At m>. 602, 603, 604, sod 60S, &o deteatfett of a ptaasB&m signal is psrfetmed, for 

vrnmpi* hmsd m correlation tests m mssmti SB. The detection ba fer 

based m the collation of 601 detained by the <XMxkfa& Ml and Sit The celadon in 
601 Is performed on the received signal and a delayed portion of the received signal for the 
purpose of detecting the simssoids F0 and Fl in the deieettoa. preamble of tie transmission, 

20 Altexosd ve!y s other deteeboa methods are used. 

The correlator 501 correlates the samples received m the interval 

i~~ (» a r* yn£* 0 - } wi& SSSS£ pim received lit die Interval 

i-(7%T^Sr &t y% «here t Is a given moment m thne. Similarly the 

correlator 311 correlates the samples reserved in the federal 
25 *- <>%ra-~-C^)/2 £ 2 ) ife samples reo^ed in &e mterva! 

i (» 0 -fVsM * * C ? hA) ~ ( n ^) i2 .(Bm± 3% The ehoieo af symbol interval r * oeed m 
eals^labng hhe above eoareMibfes is optbxxally derived from eonsideratioas regarbkg the 
hardware that gesaaraSos d>o traoBrrbsslon waveform. M acaordarsoe with the hardware, 
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raiairaaas aad maximum swahol durations are optkainlly MaaiM< tarn. wMdi the 
correlator will as» ibe f mn f mnm & iMa way, the aorTslslxjxs naay be better gaaraataed to 
exsloaivsiy iabanify their amended fesa?nerades> ; 

Is 602 m Qamlmts mmm ate vslidated ; this is optionally pBtBaaaeA abEahig 
sbeera 502 md 512. The mesas 502 and 512 ofilon&ly issae i®l fadkatiaa wi»saev*r 

tb«crokti0a.t^^ % ^a % respaedvclyblfthe 

signs! neesivad k of the form d^ictet is Fig. $4 fcsa. the crag** ofmzmlmts 501 and 51 1 
will late a maximal ooirdsrlon* m& Miasm 502 and 512 will iasne a trae Mlaatlaa, 
wfeiob will remit in issning a TRUE ladiaatioa. on 516 (Le„ signal ctefen). U ass 
ezsmplmy m^mmmt of the axvealioa, &s taresaold is dsteilnod based on due aoiae 
level, lor ssampe, by analysing ®& sanndtude Isrrd la a Immm part of tfe signal for 

Alarnaavaiy ox a4dabioaa% to die above ootreisiion aaetdcv the oonnalna analybe 
signal jsay be nsed to esihnate the nro^nenoy in fes given widows (FO and Fl). Assaraing 
that the signal In the window m a eompte aaposeailab tbronga the entbe wheAow, we 
oan oscpsot the wavoaaaa to look like 

5 

xy * 

where '* is .aoise. Aosassfrngty*. m^iipfesag. tmy sample r « by Its daisy coajagaied r *~; will 
yialn fee consbaat 

« 

Tku% by finding the aoglo of the complex naxaber r * r «~* and av-a-agbig over the 
window * w| ~*rf»*"-»f r m ^g^sfe of the Ifeqa.ancy ® nary be fcand. Optionally the 
estimate is coaspsxed wild a boasos on wbat feqnasey are allowed, which hcmnd m 
optionally defined based, oa the si&ssfent kacfess^ies la barawars abat generates the 
signal and/or wall as the aainlmam SMb allowed. :0iereibre 5 a signal may be accepted based, 
on wba&er It baa snffideai eorrsiatiDa energy (frorn &e correlators 501 and 51.1) and/or 
whedier it has an acceptable Aeqneacy 

Oa the odder hand if ene of aba eorrelanea rsaabs f flora 561 and 51 L is not Mghsr 

than ibe rsspecdye llaesboid or the correlauoa is iavslid, and tbc process starts ail 
over again ftoai did as a aew satapie is rebievgd. fftbe correlafipa passes the validation test 
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m 602, in 603, wtfQ&ee test is cpfiemsSy fsrfbmecl to d^taime ^stbsr Sep»« mi. 
m mm to Hake 88&} are wrihm m Heoepbfete tolerance for deteetioa, Tht 

tixzpmssm are opbmially estimated n*feg m approach described, m "A and A&cazafe 
8fegte Ftepaiency ■Bstortor.'* by Shfe IBBE T^saoifens on &mw&m> Speech, md 
S Signal Fro&mf&ngs Vol 37, Ho 12 s Deo W $% where fee data need m fh& Uay analysis Is the 
same as tfaat already in tile ds%' 8dm ibr using the chelator detector described isremotsslf, 
whereas fe< M is mmsfoa&.b? using s wfedow of delayed, mapkss to estimate m 
&m^my-4m^ndm noise power, Qnee the nsme power Is estmtatad, deteohon I® ;c#tiau$y 
deisrrnioed ssrog statistical h^oihesls testing hetweea Hie eoergy at fee onrpet of the 

10 receded OTektsrs the eriergy at the same Sequel as estimated torn the noise 
window. tMm&feby, the femshoM Is opte&ISy oatefeated isskg fee MeymanU^soai 
crtieriom (This approach. Is described in US pateat applfeahon Mo< US 09/570390 of fee 
same a|sphcatd), if it Is determined feat &eqeescles and fee SHE are set aoeepiable for 
deteetlom -fee peaces* starts agafe fcesa 610 (as a sew sample is rehired), 

IS AfM- klgii resoMiou estimation of the traassslttacl fteqasaeiea is pedbcmfe& $85* fh» 

rreqaenciss obtained are optionally tested m 604, to deterrrdne whefesr feey ate m m. 
acceptable range fe view of fee fmquemdss devlalkms. As besbre. If it is detemamed that fee 
estimated fceeoescles ate mt m an acceptable range, fee process mm agdn from 610 fes a 
new eanopk is retrieved). If fee estimated freguencies see k reage, in 606 resampling 

20 a-rlerpoiaiUn) is perltoed so feat the symbol interna will be an miager mrdtlpfe ^of 

fee new sampling bdervsl ?* s so feat T i By fezemg M$ mWsmMp -teqtft 

halerpo!ailoo ? fee data Saqoeaeies 5 wbidx are ell related to fee symbol interval by the relation 




wife fe an irdoger, will generally be orfesgonal to each other in fee digital domain with 

25 smptm spaced by T <\ In this way, when detection is performed, mierferemee between 
synfeors m optionally nfennnaad, Ifee resemplad slgsal isfeen opnonahy ufefeed fe fe)7 to 
ealenlMe fee signals timing feora a Isqowe nrsamfele, p'his approach -is dasonbed in US 
patent sppiicstion No. US 09/370399 of fee same applleast)., which is nhllssed fe. 60S to 
ferfeer determine if fee signal ia -vaml U It is determined feat fee signal is tafed s fee 

39 proaesa stats again from 610 las a. new sample is retrieved), if a. -valid Indication is obtained 
fe OOfe delectiea Is eampleted and. the deeoding operations are performed in. 600, Other 



wo ammse ^utmmmiM 
detection schesrms, for rassple wife fewer fe^ or wife & greater aa^te cnetftte and/or 
wife additional sadder ale^anve vedScstien arberbp may be nsefe 

■Fig, 7 mmz^my Bmkms fee heending apzmm, aoecurimg to a prefeed 
eofeodlmeot of fbsr irreefct&BL T&e rgsa^isdMsIgssL ©btsfeed is dbfe is ©ousted fe 
eormlatoxs 70% ?02 5 asid 703, the t&mhss: of correlators Is opbooslfy fee sane as the 
masher of &®sm ^mmmmm (syfehols) ndhdsd for fee FSC tmsmiMm Alternately, & 
single oomdstor may be The resampled signal 700 is wmtemd wife fee estimated 

£fe$20B£fes for each signal ^^ -"A , ^ ^ estimated, for example, r>»m tbe Kay 
algsstfem^fOTa^l above. The slices 711, 71% m & 713, test fee outpfe of each cmtefe 
'701, 702, am! 703, respectively, to deiemaPe if & m&xinssm eorrmsdon is obfebsed. 
W&awvcr the output of a somelaior .702, 702 or 70S, exceed fee fereslmbl of fee 
cortesposdfeg slleen a mstoh mdim&cm. is issued on fee onipai of the respective sheer. This 
fedlesdoo is aebtady a decoded symbol. • 

It m& be appredsted feat the above-described methods of anfeemieation may be 
varied is many ways, ibr example, enasgfeg fee order of steps or fee surBber of security 
meoliamsm, used,. While fee appheatioo has Ibeusad cm sard, afehefeicsboa over fee Mernet 
other msfeermesdorrsitaasioas are feiesded as welt Im addition, a muMplieity of various 
features, both of methods ami of devises has bees described. Where methods ere described, 
devices for carryLpg oni fee methods are also contemplated. It shofed be appmeiated. feat 
different featuK^ may be oombmed in different ways. la pafeoalap not all fee features shown 
above in a particular embodiment are necessary bo every similar exemplary embodiment of 
fee invention. Frnfeen eombmations of fee above features are also considered to be wlfefe 
fee scops of some exemplary embodiments of the immtkm, Also mfefe fee scope of fee 
ameotioo 8&-<m^W}-h$%&mzis, aad/ar Brmware ibr carrying out fee methods, am! devices 
aae/or roflwam fer p^ogsmnromg existing 'devices to roalce the device comply wife fee 
mefeoas described herein. Section hesfengs where feey appear are meant ibr dafery of 
browsfeg only and smmld not be censlroed as landing fee cameras of a section to feat 
pafeemsr section. When used in the Mlowing claims, fee terras J; eornpriees : f "mefed.os H . 
"have * and feed conjugates mean "including but not limited, tor 

& will be appreciated by a person skilled fe fee art feat fee present feveniion is not 
limited by what has thus far been dcscdbed, Rather; fee scope of the ptesefe meenuon is 
limited only fey the fellowiog claims. 
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1. A rnslM of a^^calmg, ss&tg m su&sMkiitlGE aarv^ fhs use of axi 
aatfeoa&sadoB defies over a ooBaimmoatios s&twssfc vte «& i^mmo&m mmmmZGgijsm 

S device, mmpzkmg'* 

sseefcrisg as apfe^M^iss. datagram by said. issteedist® imim;. 
pmtsjstkg said datagram By said B^emedlMs dovioe, By as kast ooe of dtaoggag* 
Mdi»g.% ^a^tmg as4 signing of said datagram; gad 

forwsep&og said datagram to said astfceMicasisss: ssr^er !br ass&asMesdos, 

10 

2. AwefimA according to clam L ^fesrem said ihfeg&edttfte device comprises a veador 

3> A racked according to claim 2* ^wh^mm |smtscimg vm®p$m : s&§m & IgBSfee 
15 associate wife aM-vtatox to sals! tegm 

4, A mefeod asoot^fcg to claim 2, \^fereio pratocfeg ®&m&mm m&yp1$8% ssdd 
datagram, 

20 5. A raotfead accstdktg to aay of claims l~4 s wkvmsi said o^smisdiate dc^co cornprlsss 
a. mm- comp^sg device, 

6. A ms&ad sccordkg is olalm S s wfcsrsm said oassimtrng device adds a time stamp to 
said datagram. 

25 

7, A mc&od according to claim 5, wlierem said ©ass^atifig device adda a veafe-< 
associated raldxmstiois. it©m to said datagram. 

S <: A .method accorsStsg to claim S s whorola said eormsotmg device oaorvpts said 
3 0 oaiagxaTT.!.- 



9. A method according to claim 8 S wfaotom said eoeryptkai imos a one time cods. 



wo $&&mm 



ia A m»$m& mmrim m olaim 8 sr eliife i#TOs said 023® time ^.mpxmmd fey 
a vmfcior a. partktdar sm&im -with said uses, 

5 X L A ras&od according to claim 5>. wkersm sals nser mfag&wg dwiop mm an 
■mafoa&kA m£mw® component ibr said pim^stmg, 

12. A msmd aecomirig to claim t% wlmsmsi said embedded software comprises an 
ActiveX esoiponent 

13. A msfeod ms&t&ng to sMm II, -wberem said eompo:asm is cached on said -user 
deviee. 

.14. A sgtifid aeeoMmg to claim: %% vmmin. said em8po®g%& x^qmzzs a propsrfp value 
1 5 proYidsd by a Yonder to operate. 

Is. A naefood aocording to claim I, ^&^is ec^^midstips between, said Irnormediais 
device asd said server uses a secure eoBneciiasn. 



20 16. A mcdiocl according to dmm t, wlmsm dMSsrenl oornmoniosnoa. paths are osed fot 
said. m$m$&M.m and for tasactios details fesm said user. 

17. A method aeeommg to claim 1 5 wfearalu diftk^at eonrpiumcstinn pairs arc tssed for 
said a^fb^ricatiofi m& for ■■tsaiisactkiSB -datslls .from a vendor to said a^mifealioft server. 

25 

IB, A mstaod of anmsmlcatlon of so 0Hthsa1ic5an.0B datagram by a rssnots aoAstdloatloai 
sawar f comprismg: 

sesmmg an datagsrm fey secern oompatcr emnmhrdesdon irom a vernier 

software to said remote aotheBdcstor; 
*° comparing said datagram or a feaab, thereof to a hash table at said server; and 

gsaerMkg a binary validation answer fey said server wradool an associated 
applanation 



arr/u.a2/«aiaa 
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1% A Bisthsd of aMhsMkadors o€ m ms&ms&ismm. datagrara. fey a risajoie sosMss-dcadoii. 
ser?er s eompdsmgt 

seadlag as. aaasrypted datagram by comptdsr &omtsraic^«m fasa an saibaodaatlea 
5 favim to ®M'm®o&» wa&Me&oa&m stress 

■m&M33& at add garter, tor a &s%vaf»e m^smg said digram or a feasb 



gme:taiXEg & yaMsta mm®? hy said reisote axtfemlifesiioji w^ ? .^s^cs3^> to 
said sesKob^;- 

iwmsrafey said datagram Includes a secaai code mi wbsreia said secret code agists 
ss said mmmMpdm ^m 



20, A taaiiod according to claim 19, wfe-arebx said actbastbsdoo device bscludas & 
plurality ©f seem codes that as© gsaerafsd to spgm: xmr^kfesd. 



IS 

21. A method of generating & code set an au^^ioatlos do?iee s emspsSsmgz 
pro vidmg a oode gsasr&tmg software; 

providiBg at least cos seed cade for said so^ware; 
gerionsdog said code sat aslpg said aofl^aro and said m^; 
20 daeaaaymg said seed bnmadistoly alter gsaie^ing said code set; aad 

storing said cods sat or aa indication tdoroof oo sn aa&£?£c8ta device. 

22, A ma&od according to clairo 21, oompsisiBg generating kasb vsfcus* fir said coda set 

25 23. A mefiod according to alalm 22, eonipisfig generafesg a second gat of hash v$Mm 
far said, coda sol issMg a difTarcot bask fdnciten for said saoood sat 

24. A matbod of cooxmaancaiion bofwees a vendor and a -user nslog aa aadasmiaaiios 
davicCj coaapoalag; 
30 gsaoradog a ops tlaas coda fox the user for a session; 

receiving an antfeenbesdon datagram fxorxx said user; aval 

passing cc. said datagram tot verigoatlori by a rccjcts atohd^cMion sorter If at least 
an indication, ofsaM oca fess code msi raatebss said user la provided with said ; 

3.8 



W® Oram 



25, A method aosordmg to claim .24, ^o^ipmmg slgokg said datagram A| said one 
fimn cods by micl user. 

5 26< &-m$ha& of femote ^aMdstlom compriEmg: 

tecavfog m m&stMQdim da^ani by aa ^tolt€^<M §en>ar £ra& a remote 
aUtiieBlicmi^ device; 

Mal<yimg said damgram. or a . of said dalagr^t to a t#fe 
e&IcMaimg ft-coqd^vaJw in Md mMs;: m& 

10 validating said aaitBmtio^iaii d&&g*&» baaed on aai mamge m said gaunter aw a 

■jksmsm mmim hmng wi&m & certain limit > 

27; 4 method aooomlng to claim 26, comprising: 

Mlmg ^akl a^ostlaanon baaed : -m B^:mcmm0hm^g < km large; aisd 
15 allowing a.B^b^qwnt anfh^tisatloB b&sod on a further moroase of add snfesoqucBt 

validation fecmg bslow a second feshoM, 

28, A method according to claim 27, / wk&dfc said teslmMs am toe same, 

20 29> A method according to claim 27 ; wh^em saM second tfarashoid. is smallor thm. said 
ocxtsin threshold 

SO, A method according to any of claim 26-29, wh^ein said eomitor oompdaos an 
ordinal position in said table Qmt is not apparent^ related to a of pratei rasdom 
25 mm^hors, 

3L A method af domctmg a iramsnnMon ox an aconatic ai^Mtoaa FEC signal, 
oompnslng; 

^img; aa aconstio signal; 
30 aom^feg tte signal into a Hilfecrt^ansform. reprsssniati^ti of tlm signal 

corrdatmg said ooB^mid signal with, at least mia m&rsnce dgnal r^pras^tkg a| 
least one expected, frequency in said FSR signal; 

39 



wo -mmm . inzmMmm. 

tograHBg said e«nrsktion ow m Mesrval: sssd 

S^mmnmg if a signal is p^ss&f* bm®& cm & ttsmhmdm^ at a mmM of sm& 
fcstogtalmg, 

5 32, A method according to gUoba 3 t s somprMsg £s$m- dmmmmm if* clstetsi signal 
has a ixsojjmc^ wifeiB a oeriam ftsques.«y tsags, 

33, A method mmz$m& to clmm 31 or s&mm 32 s comimsmg fiMhsr de^msmfeg if a 
detected sigaal has & signal tbwme^o wlfehi & ©sitais signal to solse xatlo taoge. 

10 

34 A tnsthod sosordtng to claim 31, eompsistog xssra^liisg saM' signs! «te said 

35, A msftod asoosding to cMm M P wtesk said feifesM Is seise damsons ©f fee 
15 rsoei^ed s&gs&L 



36. A is.dfe.od wai^ to olsfea 3% campsmm caletoistfeg said fetorv-si based m. & 
hsmw^srs dharaclsoBSic of apxodmsarof said s«mstlo slgadl 
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